___________________________________________________________________________

	    Caldera International, Inc. Security Advisory

Subject:		Open Unix 8, UnixWare 7.1.1: in.telnetd buffer overflow
Advisory number: 	CSSA-2001-SCO.9
Issue date: 		2001 August 1
Cross reference:
___________________________________________________________________________



1. Problem Description
	
	The telnet daemon /usr/sbin/in.telnetd is subject to a buffer
	overflow problem that could be used by a malicious user to
	gain unauthorized access to a system.


2. Vulnerable Versions

	Operating System	Version		Affected Files
	------------------------------------------------------------------
	UnixWare 7		All		/usr/sbin/in.telnetd
	Open Unix 8		All		/usr/sbin/in.telnetd

3. Workaround

	None.


4. UnixWare 7

  4.1 Location of Fixed Binaries

	ftp://stage.caldera.com/pub/security/unixware/CSSA-2001-SCO.9/


  4.2 Verification

	md5 checksums:
	
	3870368dee25d0c957125c53c91599ee	erg711792a.Z


	md5 is available for download from

		ftp://stage.caldera.com/pub/security/tools/


  4.3 Installing Fixed Binaries

	Upgrade the affected binaries with the following commands:

	# uncompress /tmp/erg711792a.Z
	# pkgadd -d /tmp/erg711792a


5. Open Unix 8

  5.1 Location of Fixed Binaries

	ftp://stage.caldera.com/pub/security/openunix/CSSA-2001-SCO.9/


  5.2 Verification

	md5 checksums:
	
	60be575699c0d719ae2cac0261de0bd7	erg711792b.Z


	md5 is available for download from

		ftp://stage.caldera.com/pub/security/tools/


  5.3 Installing Fixed Binaries

	Upgrade the affected binaries with the following commands:

	# uncompress /tmp/erg711792b.Z
	# pkgadd -d /tmp/erg711792b


6. References

        This, and other advisories are located at
                http://stage.caldera.com/support/security

        This advisory addresses Caldera Security internal incident sr849877.


7. Disclaimer

	Caldera International, Inc. is not responsible for the misuse
	of any of the information we provide on our website and/or
	through our security advisories. Our advisories are a service
	to our customers intended to promote secure installation and
	use of Caldera International products.


8.Acknowledgements

	Caldera International would like to thank Sebastian
	<scut@nb.in-berlin.de> for his posting on bugtraq, and KF
	<dotslash@snosoft.com> for reporting the problem to us.
	 
___________________________________________________________________________