Privacy and Legal Notice

CIAC INFORMATION BULLETIN

F-05: SCO Unix at, login, prwarn, sadc, and pt_chmod Patches Available

December 6, 1994 0800 PST 

PROBLEM:       Security vulnerabilities exist in SCO system software.
PLATFORMS:     SCO Unix System V/386 Release 3.2 Versions 4.2, 4.1, and 4.0,
               SCO Open Desktop Lite Release 3.0,
               SCO Open Desktop Release 3.0 and 2.0,
               SCO Open Server Network System Release 3.0, and
               SCO Open Server Enterprise System Release 3.0.
DAMAGE:        Local users may gain privileged access to the system.
SOLUTION:      Install SSE's as described below.


VULNERABILITY  These vulnerabilities have been announced on the Internet.
ASSESSMENT:    Automated exploitation scripts are beginning to be distributed
               as well. CIAC urges sites to install these patches as soon as
               possible.

Critical Information about the SCO Security Patches

CIAC has received information from the Santa Cruz Operation (SCO) regarding patches to correct serious vulnerabilities in SCO Unix system software. These vulnerabilities will allow local users to gain root access to the system. The SCO Advisory announcing these patches is reprinted in its entirety below. Please refer any questions to CIAC. 
===========================================================================
 			     SCO Advisory 94:001
                             November 30th, 1994
	Patches for at(C), login(M), prwarn(C), sadc(ADM), pt_chmod
---------------------------------------------------------------------------

The Santa Cruz Operation has been informed of the following problems present
in our software.

I.   Description

     The programs at(C), login(M), prwarn(C) sadc(ADM), and pt_chmod
     may each allow unauthorized root access to the system. 

     There are four unrelated issues present, one for each program listed
     above.


II.  Impact

     Any user with an account on the system may obtain root access using
     any one of the programs listed.


III. Releases

     These problems exist on the following releases of SCO Products:

	SCO Unix System V/386 Release 3.2 Versions 4.2, 4.1, and 4.0
	SCO Open Desktop Lite Release 3.0
	SCO Open Desktop Release 3.0 and 2.0
	SCO Open Server Network System Release 3.0
	SCO Open Server Enterprise System Release 3.0

IV. Solution

     SCO is providing the following (S)ystem (S)ecurity (E)nhancements, SSEs,
     to address these problems. These are preliminary patches which SCO
     feels addresses the issues at hand, but these patches have not been
     fully tested and integrated and hence cannot officially be supported.
     Official patches should be available in the near future via a
     (S)upport (L)evel (S)upplement. (SLS). The README file mentioned below
     will be updated when an official Supplement is available.

     Binary		Patch
     ------		------
     at(C)		sse001
     login(M)		sse002
     prwarn(C)		sse003
     sadc(ADM)		sse004
     pt_chmod		sse005


     These are available at the following sites:

     Anonymous ftp: ftp.sco.COM:/SSE

     UUCP downloading, and SOS access:	sosco (USA), scolon (Europe),
     in the directory /usr/spool/uucppublic/SSE. Note that access to these
     Supplements at scolon may not be available until December 2nd, 1994.

     The filename conventions are as follows:

 	ssexxx.tar.Z		- compressed tar file of supplement
	ssexxx.ltr.Z		- compressed cover letter for supplement

	xxx indicates the number of the supplement, i.e. sse001.tar.Z.

     See the README file in the directories listed above for checksum
     information. Connection information is available at the end of this
     document.

     Please note that these Supplements are not generally available from
     SCO on diskette media.

If you have further questions, contact your support provider.  If you
need to contact SCO, please send electronic mail to support@sco.COM, or
contact SCO as follows. 

        USA/Canada: 6am-5pm Pacific Standard Time (PST)
        -----------
        1-800-347-4381  (voice)
        1-408-427-5443  (fax)

        Pacific Rim, Asia, and Latin American customers: 6am-5pm Pacific
        ------------------------------------------------ Standard Time
                                                         (PST)
        1-408-425-4726  (voice)
        1-408-427-5443  (fax)

        Europe, Middle East, Africa: 9am-5:30pm British Standard Time (BST)
        ----------------------------
        +44 (0)923 816344 (voice)
        +44 (0)923 817781 (fax)

Downloading Information
-----------------------

ftp to ftp.sco.com
Login name: ftp
Password: your email address

For anonymous UUCP connection:
------------------------------

For USA, Canada, Pacific Rim, Asia and Latin America customers:

Machine name:  sosco
Login name:  uusls  (fourth character is the letter "l")
No password

List of modems available for UUCP transfer from sosco.sco.com:

Standard V.32, (300-9600bps)     4@   408-425-3502
Hayes V Series 9600              2@   408-427-4470
Telebit Trailblazer                   408-429-1786


For Europe/Middle East/Africa customers there is a system located at
SCO EMEA (London):

Machine name:  scolon
Login name:  uusls
Password:  bbsuucp

List of modems available for UUCP transfer from scolon.sco.com:

Dowty Trailblazer  +44 (0)923 210911



For SCO Online Support (SOS) BBS download:
------------------------------------------

For those customers that have accounts on SOS these files can be
downloaded interactively via X, Y, Z MODEM or Kermit. Follow the
menus selections under "Toolchest" from the main SOS menu.

List of modems available for interactive transfer from sosco.sco.com:

First four are Standard V.32 (300-9600bps)      408-426-9495
Last three are Hayes 2400 compatible 

Telebit Trailblazer                             408-426-9525



For ftp via World Wide Web:
---------------------------

URL to open:  ftp://www.sco.com

These problems, except for pt_chmod, were reported to the Santa Cruz
Operation by the "[8LGM] Security Team", 8lgm@bagpuss.demon.co.uk.
CIAC services are available to DOE, DOE Contractors, and the NIH. CIAC can be contacted at: 
    Voice:          +1 925-422-8193 (7 x 24)
    FAX:            +1 925-423-8002
    STU-III:        +1 925-423-2604
    E-mail:          ciac@ciac.org
    World Wide Web:  http://www.ciac.org/
    Anonymous FTP:   ftp.ciac.org
This document was prepared as an account of work sponsored by an agency of the United States Government. Neither the United States Government nor the University of California nor any of their employees, makes any warranty, express or implied, or assumes any legal liability or responsibility for the accuracy, completeness, or usefulness of any information, apparatus, product, or process disclosed, or represents that its use would not infringe privately owned rights. Reference herein to any specific commercial products, process, or service by trade name, trademark, manufacturer, or otherwise, does not necessarily constitute or imply its endorsement, recommendation or favoring by the United States Government or the University of California. The views and opinions of authors expressed herein do not necessarily state or reflect those of the United States Government or the University of California, and shall not be used for advertising or product endorsement purposes.
UCRL-MI-119788
[Privacy and Legal Notice]