-----BEGIN PGP SIGNED MESSAGE-----

Subject: Caldera Security Advisory SA-1998.10: File creation and corruption bug in XConsole
Advisory issue date: 24-July-1998
Topic: File creation and corruption bug in XConsole

I. Problem Description

A file creation and corruption bug has been found in XConsole, which is included in procps-X11 versions 1.2.6 and earlier. To fix it, you can either remove the XConsole program or upgrade to procps-1.2.7.

II. Impact

Description: An exploit which causes a Denial of Service condition preventing anyone other than root from logging into the computer has been found, and others may well be found.

Vulnerable Systems: OpenLinux systems up to and including OpenLinux 1.2 in which the procps-X11 rpm package is installed.

III. Solution

Workaround: The procps-X11 package can simply be removed with the following command:

    rpm -e procps-X11

Correction: The proper solution is to upgrade to the procps-1.2.7-1 packages.

They can be found on Caldera's FTP site at:

    ftp://ftp.caldera.com/pub/OpenLinux/updates/1.2/current/RPMS

The corresponding source code can be found at:

    ftp://ftp.caldera.com/pub/OpenLinux/updates/1.2/current/SRPMS

The MD5 checksums (from the "md5sum" command) for these packages are:

    710bf187dcd5504286f5bffce968e0fd  RPMS/procps-1.2.7-1.i386.rpm
    bb85346a40c439671b02b45942a6b41e  RPMS/procps-X11-1.2.7-1.i386.rpm
    411289fda4ec8764064a8dd875272edb  SRPMS/procps-1.2.7-1.src.rpm

Upgrade with the following commands:

    rpm -q procps && rpm -U procps-1.2.7-1.i386.rpm
    rpm -q procps-X11 && rpm -U procps-X11-1.2.7-1.i386.rpm

IV. References

This and other Caldera security resources are located at:

    http://www.caldera.com/news/security/index.html

Additional documentation on this problem can be found in:

    http://www.redhat.com/support/docs/rhl/rh50-errata-general.html#procps

This security fix closes Caldera's internal Problem Report 4005.

V. PGP Signature

This message was signed with the PGP key for security@caldera.com.
This key can be obtained from:

    ftp://ftp.caldera.com/pub/pgp-keys/

Or on an OpenLinux CDROM under:

    /OpenLinux/pgp-keys/

$Id: SA-1998.10.txt,v 1.3 1998/07/24 12:59:37 rf Exp $

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv

iQCVAwUBNbiFOen+9R4958LpAQE+sAP+JAPCCC/5eTjnSZXxjdJF4Or8PAlQ/brh
9UxGMRirFwVDiQya7IAOI/3yvfkqN2mgw7AOo76N42Npo+cWDWZinAaqS6i9JMDR
N0l9VYc6RYgdyD3jiYc5G0cNUgwRQb2ihrePRwW6OBQiEVsuqSXB4ztq+aGll/4b
qtBmUekorC0=
=Lp9R
-----END PGP SIGNATURE-----
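
The check-then-upgrade sequence from section III, written as a script that refuses to run "rpm -U" on a package whose MD5 does not match the advisory's list. This is an added example, not part of the Caldera advisory; the function names verify_pkg and upgrade_if_installed and the --upgrade option are assumptions made for illustration, while the checksums and file names are the ones listed in section III.

```shell
#!/bin/sh
# Added example, not part of the original advisory.
# Checksums exactly as listed in section III (md5sum output format).
ADVISORY_SUMS='710bf187dcd5504286f5bffce968e0fd  RPMS/procps-1.2.7-1.i386.rpm
bb85346a40c439671b02b45942a6b41e  RPMS/procps-X11-1.2.7-1.i386.rpm
411289fda4ec8764064a8dd875272edb  SRPMS/procps-1.2.7-1.src.rpm'

# verify_pkg LIST FILE
# Returns 0 on match, 1 on mismatch, 2 if FILE is unlisted or unreadable.
verify_pkg() {
    list=$1 file=$2
    name=${file##*/}
    # Look the file up by base name; the list carries RPMS/ and SRPMS/ prefixes.
    expected=$(printf '%s\n' "$list" | awk -v f="$name" \
        '{ n = $2; sub(/^.*\//, "", n); if (n == f) { print $1; exit } }')
    [ -n "$expected" ] || { echo "$name: not listed in advisory" >&2; return 2; }
    [ -r "$file" ] || { echo "$file: not readable" >&2; return 2; }
    actual=$(md5sum < "$file" | awk '{ print $1 }')
    if [ "$actual" = "$expected" ]; then
        echo "$name: OK"
    else
        echo "$name: MD5 mismatch (expected $expected, got $actual)" >&2
        return 1
    fi
}

# upgrade_if_installed PACKAGE FILE
# Mirrors "rpm -q PACKAGE && rpm -U FILE", with the checksum gate in between.
upgrade_if_installed() {
    rpm -q "$1" >/dev/null 2>&1 || { echo "$1: not installed, skipping"; return 0; }
    verify_pkg "$ADVISORY_SUMS" "$2" && rpm -U "$2"
}

# Upgrade only when asked: sh script.sh --upgrade DIR (DIR holds the downloads).
if [ "${1:-}" = "--upgrade" ]; then
    dir=${2:-.}
    upgrade_if_installed procps "$dir/procps-1.2.7-1.i386.rpm" &&
    upgrade_if_installed procps-X11 "$dir/procps-X11-1.2.7-1.i386.rpm"
fi
```

A matching MD5 only shows that the file is the one the advisory lists; that the list itself comes from Caldera rests on the PGP signature described in section V.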