-----BEGIN PGP SIGNED MESSAGE----- ______________________________________________________________________________ Caldera Systems, Inc. Security Advisory Subject: buffer overflow in dosemu Advisory number: CSSA-1999:006.0 Issue date: 1999 Feb 24 Cross reference: ______________________________________________________________________________ 1. Problem Description The TERM and TERMINFO environmentables can be used to cause buffer overflows in dosemu. General security problems with suid root (from Erik Mouw J.A.K.Mouw@its.tudelft.nl): Note that any Dosemu version running suid root with DPMI enabled is inherently unsafe. A DPMI program in Dosemu is able to use Linux system calls, including system calls that require root privileges. The Dosemu Team is not able to fix this security hole; system administrators who are serious about security, should not install Dosemu suid-root. Dosemu can run non-suid on the Slangterminal, under X, in the background and even on serial lines (bbs'es for example). 2. Vulnerable Versions Systems: OpenLinux 1.0, 1.1, 1.2, 1.3. Packages: < dosemu-0.98.5-1.i386.rpm 3. Solutions The proper solution is to upgrade to the dosemu-0.98.5 package. For security dosemu should not be installed with the SUID bit set on its binaries. 4. Location of Fixed Packages The upgrade packages can be found on Caldera's FTP site at: ftp://ftp.caldera.com/pub/OpenLinux/updates/1.3/022/RPMS/ The corresponding source code package can be found at: ftp://ftp.caldera.com/pub/OpenLinux/updates/1.3/022/SRPMS 5. Installing Fixed Packages Upgrade the affected packages with the following commands: rpm -q dosemu && rpm -U dosemu-0.98.5.i386.rpm 6. Verification The MD5 checksums (from the "md5sum" command) for these packages are: 092455b8c1c863e486458d2d6681d8e5 RPMS/dosemu-0.98.5-1.i386.rpm f9d67120bfb3898ba88fd34ff114417c SRPMS/dosemu-0.98.5-1.src.rpm 7. References This and other Caldera security resources are located at: http://www.calderasystems.com/news/security/index.html Additional documentation on this problem can be found in: http://geek-girl.com/bugtraq/1999_1/0040.html This security fix closes Caldera's internal Problem Report 4253. 8. Disclaimer Caldera Systems, Inc. is not responsible for the misuse of any of the information we provide on this website and/or through our security advisories. Our advisories are a service to our customers intended to promote secure installation and use of Caldera OpenLinux. ______________________________________________________________________________ -----BEGIN PGP SIGNATURE----- Version: 2.6.3i Charset: noconv iQCVAwUBOC/Ohun+9R4958LpAQH10QP/fT/hy+zv5hx2lV1cSuf3RYAMe54a8mhW AIf7Kt8DAfToG5ItYRLl56J70wv4uMrisjH0NIRes8OJmIrFs/rwVvLnkHzJI4/e p+8Hkyb1MckhSTIeZARtPTFOTLi8MxzpMF+DrqaX6g/OW2MkXRCuyp5xfchiQahO kVgPkZAIrwE= =fuIa -----END PGP SIGNATURE-----