___________________________________________________________________________

	    Caldera International, Inc. Security Advisory

Subject:		Open UNIX, UnixWare: OpenSSH channel code vulnerability
Advisory number: 	CSSA-2002-SCO.11
Issue date: 		2002 March 12
Cross reference:	CSSA-2002-SCO.10
___________________________________________________________________________


0. Revision History

	2002 March 20
	
	This package requires the zlib  and PRNGD libraries to install
	and  run properly.  Section 4.3  is  updated  below to include
	these packages.


1. Problem Description

	A  bug exists in the  channel code  of  OpenSSH  versions  2.0
	though 3.0.2.

	Existing users can use this bug  to gain root privileges.  The
	ability to exploit this vulnerability without an existing user
	account  has  not  yet  been  proven,  but  it  is  considered
	possible.  A  malicious ssh server could also  use this bug to
	exploit a connecting vulnerable client.
						

2. Vulnerable Supported Versions

	Operating System	Version		Affected Files
	------------------------------------------------------------------
	UnixWare		7.1.1		all ssh distribution files
	Open UNIX		8.0.0		all ssh distribution files


3. Workaround

	None.


4. Open UNIX, UnixWare

  4.1 Location of Fixed Binaries

	ftp://stage.caldera.com/pub/security/openunix/CSSA-2002-SCO.11/


  4.2 Verification

	MD5 (openssh-3.1p1.pkg) = 795ce670574cfad348996be551cd498e

	md5 is available for download from
		ftp://stage.caldera.com/pub/security/tools/


  4.3 Installing Fixed Binaries

	Upgrade the affected binaries with the following commands:

	Download openssh-3.1p1.pkg to the /tmp directory

	# pkgadd -d /tmp/openssh-3.1p1.pkg


	NOTE:

	The zlib  and  PRNGD  packages are required  to  be  installed
	before  OpenSSH  will work. These packages  can  be downloaded
	from:

	ftp://ftp2.caldera.com/pub/skunkware/uw7/Packages/zlib-1.1.4.pkg
	ftp://ftp2.caldera.com/pub/skunkware/uw7/Packages/prngd-0.9.23.pkg

	They should  be  installed using  the  same  procedure  as the
	OpenSSH package.


5. References

	http://www.pine.nl/advisories/pine-cert-20020301.txt

	This and other advisories are located at
		http://stage.caldera.com/support/security

	This advisory addresses Caldera Security internal incidents
	sr861335, fz520314, erg711983.


6. Disclaimer

	Caldera International, Inc. is not  responsible for the misuse
	of  any of  the  information we provide on  our website and/or
	through our  security advisories. Our advisories are a service
	to  our customers  intended to promote secure installation and
	use of Caldera International products.


7. Acknowledgements

	Joost  Pol  <joost@pine.nl>  discovered  and  researched  this
	vulnerability.

___________________________________________________________________________