Dear SCO Customer,

Support Level Supplement (SLS) ptf7073c, the UnixWare 7.0.0, 7.0.1
passwd and login Supplement, resolves the following problems:

1. With SLS ptf7073c, passwd(1) is not vulnerable to a known buffer
   overflow. Previously, when a long command line argument was
   selected, it could overrun buffers because of a lack of bounds
   checking.

2. Addresses a security vulnerability in the localization code in
   libc.

   Note: For the complete resolution to this problem, the libc SLS
   for the specific UnixWare 7 release also needs to be installed
   on the system:

       For UnixWare 7.0.0 - SLS ptf7003i
       For UnixWare 7.0.1 - SLS ptf7051f

3. passwd -sa can display incorrect information about the status of
   passwords. For example, passwd -sa may list users as locked (LK)
   when they are unlocked.

New to SLS ptf7073c:

4. When logging into accounts, which are configured with "Force the
   user to change the password at the next login", a login to these
   accounts is not possible if the ttymon is configured with PPP
   support (-P option to ttyadm).

Contents
--------

/usr/bin/passwd
/usr/lib/iaf/cr1/scheme
/usr/lib/iaf/in.login/scheme
/usr/lib/iaf/login/scheme

Software Notes and Recommendations
----------------------------------

SLS ptf7073c should only be installed on:

    UnixWare 7 Release 7.0.0 or 7.0.1

Installation Instructions
-------------------------

1. Download the ptf7073c.Z file to the /tmp directory on your
   machine.

2. As root, uncompress the file and add the SLS package to your
   system using these commands:

       $ su
       Password:
       # uncompress /tmp/ptf7073c.Z
       # pkgadd -d /tmp/ptf7073c
       # rm /tmp/ptf7073c

   Alternatively, SLS ptf7073c may be installed in quiet mode, that
   is, without displaying the release notes and asking for
   installation confirmation. To do this, use these commands:

       $ su
       Password:
       # uncompress /tmp/ptf7073c.Z
       # pkgadd -qd /tmp/ptf7073c all
       # rm /tmp/ptf7073c

3. There is no need to reboot the system after installing this SLS
   package.

The release notes displayed prior to installation can be found in:

    /var/sadm/pkg/ptf7073/install/ptf7073.txt

Removal Instructions
--------------------

1. As root, remove the SLS package using these commands:

       $ su
       Password:
       # pkgrm ptf7073

2. There is no need to reboot the system after removing this SLS
   package.

If you have questions regarding this SLS, or the product on which it
is installed, please contact your software supplier.