Subject: Unixware 7.1.0: FTP Service
Advisory number: n/a
Issue date: n/a

ftp://stage.caldera.com/pub/security/sse/ptf7449a

Dear SCO Customer,

Support Level Supplement (SLS) ptf7449a, the Unixware 7.1.0 FTP Service,
addresses the following problems:

Problem Fixed
-------------

fz512195
erg711408

    Fixes a security vulnerability in /usr/sbin/in.ftpd and an
    associated segmentation violation in /usr/bin/ftp.

    The security vulnerability in /usr/sbin/in.ftpd could allow an
    unprivileged user to obtain "root" privileges through use of the
    "site exec" command. This vulnerability is described in CERT
    advisory CA-2000-13 (see http://www.cert.org).

SLS ptf7449a is dependent upon the presence of the following packages:

    ptf7408e
    ptf7446c

SLS ptf7408e should be installed prior to installing ptf7446c.

Contents
--------

/usr/bin/ftp
/usr/sbin/in.ftpd

Software Notes and Recommendations
----------------------------------

ptf7449 should only be installed on:

    UnixWare 7.1.0

If your system is running any libraries or commands that are contained
in this SLS, then these programs will continue to run with the old
versions of these libraries or commands until the system is rebooted.

Note that when all necessary patches have been installed, it is good
practice to reboot the system at the earliest opportunity. This will
ensure that no programs continue to run with the old libraries or
commands.

Installation Instructions
-------------------------

1. Download the ptf7449a.Z file to the /tmp directory on your machine.

2. As root, uncompress the file and add the package to your system
   using these commands:

       $ su
       Password:
       # uncompress /tmp/ptf7449a.Z
       # pkgadd -d /tmp/ptf7449a
       # rm /tmp/ptf7449a

   Alternatively, this SLS package may be installed in quiet mode,
   that is, without displaying the release notes and asking for
   confirmation. To do this, use these commands:

       $ su
       Password:
       # uncompress /tmp/ptf7449a.Z
       # pkgadd -qd /tmp/ptf7449a all
       # rm /tmp/ptf7449a

3. There is no need to reboot the system after installing this package.

The release notes displayed prior to installation can be found in:

    /var/sadm/pkg/ptf7449/install/ptf7449.txt

Removal Instructions
--------------------

1. As root, remove the package using these commands:

       $ su
       Password:
       # pkgrm ptf7449

2. There is no need to reboot the system after removing this package.

If you have questions regarding this supplement, or the product on
which it is installed, please contact your software supplier.