What is Security Supplement p534850, the UnixWare 7 ReliantHA local root exploit patch?

KEYWORDS: unixware 7.1.4 714 security reliant ha 1.1.4 local root exploit fz534850 fz533530 hvdisp rcvm

RELEASE: SCO UnixWare Release 7.1.4
         ReliantHA 1.1.4

PROBLEM: What is p534850, the UnixWare 7 ReliantHA local root exploit patch?

SOLUTION: p534850 fixes a potential local root exploit on UnixWare 7.1.4 systems with ReliantHA 1.1.4 installed. What follows is the Security Advisory for this fix:

______________________________________________________________________________

                        SCO Security Advisory

Subject:                ReliantHA local root exploit Vulnerability
Advisory number:        SCOSA-2008.3
Issue date:             5th May 2008
Cross reference:        fz534850
______________________________________________________________________________

1. Problem Description

   A local root exploit exists in 2 utilities provided as part of the
   ReliantHA 1.1.4 package which ships with UnixWare 7.1.4.

2. Vulnerable Supported Versions

   System                  Package
   ----------------------------------------------------------------------
   UnixWare 7.1.4          ReliantHA 1.1.4

3. Solution

   The proper solution is to install the relevant package below.

4. UnixWare 7.1.4

   This patch should only be installed on UnixWare 7.1.4 systems with
   ReliantHA 1.1.4 installed. If ReliantHA is not installed then there
   is no need to install this package.

   4.1 Location of Fixed Binaries

       ftp://ftp.sco.com/pub/unixware7/714/security/p534850/

   4.2 Verification

       MD5 (p534850.image) = e714c73dda7569cbb864a1210dd83066

       md5 is available for download from
       ftp://ftp.sco.com/pub/security/tools

   4.3 Installation Instructions

       1) Download the p534850.image file to the /tmp directory on
          your machine.

       2) As root, add the package to your system using these commands:

              $ su -
              Password:
              # pkgadd -d /tmp/p534850.image

          Alternatively, this package may be installed in quiet mode,
          that is, without displaying the release notes and asking for
          confirmation. To do this, use these commands:

              $ su -
              Password:
              # pkgadd -qd /tmp/p534850.image all

       3) There is no need to reboot the system after installing this
          package.

   4.4 Removal Instructions

       1) As root, remove the package using these commands:

              $ su -
              Password:
              # pkgrm p534850

6. References

   SCO security resources:
       http://www.sco.com/support/download.html

   SCO security advisories via email
       http://www.sco.com/support/forums/security.html

   This security fix closes SCO incidents fz534850.

7. Disclaimers

   SCO is not responsible for the misuse of any of the information we
   provide on this website and/or through our security advisories. Our
   advisories are a service to our customers intended to promote secure
   installation and use of SCO products.

8. Acknowledgments

   SCO would like to thank Secunia Research for bringing this issue to
   our attention.
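
Sections 4.2 and 4.3 can be combined so that pkgadd only runs when the downloaded image matches the published checksum. The script below is an added example, not part of the SCO advisory; the script name verify_p534850.sh, its --install switch and the function names are hypothetical, and it assumes a POSIX shell with md5sum, md5 or openssl available.

```shell
#!/bin/sh
# Added example (not SCO's code): check p534850.image against the MD5
# published in section 4.2 before handing it to pkgadd (section 4.3).
# Assumption: SCO's md5 tool takes a file name, as the 4.2 output suggests.

EXPECTED_MD5="e714c73dda7569cbb864a1210dd83066"   # from the advisory, 4.2

# Print the lowercase MD5 hex digest of file $1; non-zero status on failure.
file_md5() {
    [ -f "$1" ] && [ -r "$1" ] || { echo "cannot read $1" >&2; return 1; }
    if command -v md5sum >/dev/null 2>&1; then
        out=$(md5sum "$1") || return 1
    elif command -v md5 >/dev/null 2>&1; then
        out=$(md5 "$1") || return 1
    elif command -v openssl >/dev/null 2>&1; then
        out=$(openssl md5 "$1") || return 1
    else
        echo "no MD5 tool found" >&2; return 1
    fi
    # Output formats differ ("<hash>  file", "MD5 (file) = <hash>",
    # "MD5(file)= <hash>"), so take the first whitespace-delimited
    # field that is exactly 32 hex digits.
    printf '%s\n' "$out" | tr 'A-F' 'a-f' |
        awk '{for (i = 1; i <= NF; i++) if ($i ~ /^[0-9a-f]+$/ && length($i) == 32) {print $i; exit}}'
}

# Return 0 only if file $1 hashes to $2 (default: the advisory value).
verify_image() {
    want=$(printf '%s' "${2:-$EXPECTED_MD5}" | tr 'A-F' 'a-f')
    got=$(file_md5 "$1") || return 2
    [ -n "$got" ] || { echo "could not parse digest for $1" >&2; return 2; }
    if [ "$got" = "$want" ]; then
        echo "OK: $1 matches $want"
    else
        echo "MISMATCH: $1 is $got, expected $want" >&2
        return 1
    fi
}

# Refuse to run pkgadd unless the checksum matches. Run as root.
install_if_verified() {
    verify_image "$1" || { echo "not installing $1" >&2; return 1; }
    pkgadd -d "$1"
}

# Run as: sh verify_p534850.sh --install [/tmp/p534850.image]
case "${1:-}" in
    --install) install_if_verified "${2:-/tmp/p534850.image}" ;;
esac
```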