=========================================================================== SCO Security Bulletin 2000.02 26th January 2000 scohelp security patch --------------------------------------------------------------------------- I. Description A shared object that allows internationalization of the scohelp system contained an exploitable overflowable buffer. II. Impact Without sse060, systems are vulnerable to network-based system intrusions via this security hole. III. Releases UnixWare 7.0 through 7.1.1 IV. Solution SCO is providing an interim patch to address this issue in the form of a System Security Enhancement (SSE) package. SSE060 contains a replacement binary for the releases listed above, and is available for Internet download via anonymous ftp and http. You can download the SSE package as follows: Anonymous ftp (World Wide Web URL): ftp://ftp.sco.COM/SSE/sse060.ltr (cover letter, ASCII text) ftp://ftp.sco.COM/SSE/sse060.tar.Z (new binaries, compressed tar file) Checksums (sum -r): 37872 3 sse060.ltr 52981 71 sse060.tar.Z V. Updates This bulletin is available for anonymous ftp download from ftp://ftp.sco.COM/SSE/security_bulletins/SB-00.02a, and will be updated as new information becomes available. The latest information on security vulnerabilities and fixes from SCO is available on the world-wide web at http://www.sco.com/security/ VI. Further Information: If you have further questions, contact your support provider. If you need to contact SCO, please send electronic mail to support@sco.COM, or contact SCO as follows. USA/Canada: 6am-5pm Pacific Time (PST/PDT) ----------- 1-800-347-4381 (voice) 1-408-427-5443 (fax) Pacific Rim, Asia, and Latin American customers: 6am-5pm Pacific ------------------------------------------------ Time (PST/PDT) 1-408-425-4726 (voice) 1-408-427-5443 (fax) Europe, Middle East, Africa: 9am-5:30pm UK Time (GMT/BST) ---------------------------- +44 (0)1923 816344 (voice) +44 (0)1923 817781 (fax)