TITLE
ppptalk root privilege vulnerability
/TITLE

SYNOPSIS
If pppd is running (which it is on a default installation), a malicious user can use /usr/bin/ppptalk (or its link, /usr/bin/ppp), to gain root privileges. This updated advisory corrects a pathname in the Solution section.
/SYNOPSIS

INCIDENTS
sr865661, fz521199 and erg712071
/INCIDENTS

SOLUTION
The proper solution is to install the latest packages. However, removing the setuid bits from the /usr/bin/ppptalk binary will effectively eliminate the vulnerability.
/SOLUTION

ACKNOWLEDGEMENTS
/ACKNOWLEDGEMENTS

REFERENCES
none
/REFERENCES

#
# The next three items can be thought of as an array of structures.
# The first element in each is the first structure, and so on.
#
PRODUCTS
unixware711
openunix800
/PRODUCTS

PACKAGES
erg712071.pkg.Z
erg712071.pkg.Z
/PACKAGES

URL
ftp://ftp.caldera.com/pub/updates/UnixWare/CSSA-2002-SCO.27.1
ftp://ftp.caldera.com/pub/updates/OpenUNIX/CSSA-2002-SCO.27.1
/URL