Dear SCO Customer,

Support Level Supplement (SLS) ptf7449c, the UnixWare 7.1.0 Internet
Applications Supplement, addresses the following problems:

SLS ptf7449a addresses the following issues:

1. The FTP daemon, /usr/sbin/ftpd (based on WU-FTPD), has a security
   vulnerability that can allow unprivileged users to obtain root access
   through use of the "site exec" command. This vulnerability is
   described in CERT advisory CA-2000-13 (see http://www.cert.org).

2. An associated segmentation violation in /usr/bin/ftp occurred.

SLS ptf7449b additionally addresses the following issues:

3. An exploitable buffer overflow in "rcp" that can lead to access to
   kernel memory.

4. An exploitable buffer overflow in "telnet", "talk", "otalk" and "ftp"
   that can lead to raised privileges.

SLS ptf7449c addresses this issue:

5. Cursor freezes after hitting delete in double telnet session.

Contents
--------

/usr/bin/ftp
/usr/sbin/in.ftpd
/usr/bin/netstat
/usr/bin/rcp
/usr/bin/rdist
/usr/bin/ruptime
/usr/bin/rwho
/usr/bin/telnet
/usr/bin/ttcp
/usr/bin/talk
/usr/bin/otalk

Software Notes and Recommendations
----------------------------------

SLS ptf7449c should only be installed on:

    UnixWare 7 Release 7.1.0

SLS ptf7449c is dependent upon the presence of the following SLS
packages:

    SLS ptf7408e
    SLS ptf7446f

SLS ptf7408e should be installed prior to installing SLS ptf7446f.

Installation Instructions
-------------------------

1. Download the ptf7449c.Z file to the /tmp directory on your machine.

2. As root, uncompress the file and add the SLS package to your system
   using these commands:

       $ su
       Password:
       # uncompress /tmp/ptf7449c.Z
       # pkgadd -d /tmp/ptf7449c
       # rm /tmp/ptf7449c

   Alternatively, this SLS package may be installed in quiet mode, that
   is, without displaying the release notes and asking for installation
   confirmation. To do this, use these commands:

       $ su
       Password:
       # uncompress /tmp/ptf7449c.Z
       # pkgadd -qd /tmp/ptf7449c all
       # rm /tmp/ptf7449c

3. There is no need to reboot the system after installing this SLS
   package.

The release notes displayed prior to installation can be found in:

    /var/sadm/pkg/ptf7449/install/ptf7449.txt

Removal Instructions
--------------------

1. As root, remove the SLS package using these commands:

       $ su
       Password:
       # pkgrm ptf7449

2. There is no need to reboot the system after removing this SLS
   package.

If you have questions regarding this SLS, or the product on which it is
installed, please contact your software supplier.