Dear SCO Customer, Support Level Supplement (SLS) PTF3383B, the SCO Evaluation Security Supplement, contains the following changes needed for the SCO UnixWare Release 2.1.0 C2 evaluation: 1. CERT (Computer Emergency Response Team) identified a vulnerability in the at(1) utility in CERT advisory CA-97.18 (12 June 1997). The new at(1) utility provided in this SLS addresses this vulnerability. The CERT advisory is available from : ftp://info.cert.org/pub/cert_advisories/CA-97.18.at 2. A revised version of the 'scheme' binary is included. This version of 'scheme' addresses a problem with the DISABLETIME parameter that is configurable with defadm(1M) login. 3. Revised versions of certain auditing utilities, and the kernel auditing driver are included to fix problems with the IPC_R constant multiply defined. 4. A new version of the vtlmgr is included to close security problems with the /dev/vt* devices. 5. Revised svc drivers are included to address an auditing problem where failed adjtime(2) calls were being audited as completing successfully. 6. New tfadmin, adminrole and adminuser utilities are included that validate the login id of the user. 7. A new priocntl is included that closes security flaws. 8. A new libXt library is included to close various vulnerabilities in this library as reported by CERT. Software Notes and Recommendations ---------------------------------- SLS PTF3383B should only be installed on: SCO UnixWare Application Server 2.1.0 SCO UnixWare Personal Edition 2.1.0 Testing of the modified software contained in this SLS has been conducted only to the extent necessary to confirm that it resolves the problems stated above. Such testing consists of re-creating the problem conditions (typically in a SCO test laboratory) and verifying that the problem no longer occurs. No other testing of this software has been done. Hardware Notes and Recommendations ---------------------------------- This SLS package is targeted for the i386, i486 and Pentium CPUs. Installation Instructions ------------------------- 1. Download the ptf3383b.Z and ptf3383b.txt files to the /tmp directory on your machine. 2. As root, uncompress the file and add the SLS package to your system using these commands: $ su Password: # uncompress /tmp/ptf3383b.Z # pkgadd -d /tmp/ptf3383b 3. Reboot the system after installing this SLS. A new unix kernel will be built and the system will then reboot itself. A system reboot is required following installation of this SLS in order for the changes to take effect. Removal Instructions --------------------- 1. As root, remove the SLS package. $ su # pkgrm ptf3383 2. Reboot the system after removing this SLS. If you have any questions regarding this SLS, or the product on which it is installed, please contact your software supplier.