===========================================================================
SCO Security Bulletin 2000.07
ARCserve startup script symlink vulnerability in OpenServer 5
---------------------------------------------------------------------------
ARCserve startup symlink vulnerability
---------------------------------------------------------------------------

I. Description

Recently Network Associates, Inc. issued a SECURITY ADVISORY entitled
"ARCserve symlink vulnerability". This was originally reported against
Unixware7.1 but SCO confirms that OpenServer 5 is also vulnerable and
provides SSE063 which replaces the startup script.

II. Impact

Local attackers may obtain root privileges and overwrite/insert data into
arbitrary (normally unwritable) files.

III. Releases

OpenServer version 5.0.5.

IV. Solution

SCO is providing an interim patch to address this issue in the form of a
System Security Enhancement (SSE) package. SSE063 contains a replacement
startup script for OpenServer5.0.5, and is available for Internet download
via anonymous ftp and http.

You can download the SSE package as follows:

Anonymous ftp (World Wide Web URL):

    ftp://ftp.sco.COM/SSE/sse063.ltr    (cover letter, ASCII text)
    ftp://ftp.sco.COM/SSE/sse063.tar.Z  (new binaries, compressed tar file)

Checksums (sum -r):

    62441  4 sse063.ltr
    23038 20 sse063.tar.Z

V. Updates

This bulletin is available for anonymous ftp download from
ftp://ftp.sco.COM/SSE/security_bulletins/SB-00.07, and will be updated as
new information becomes available.

The latest information on security vulnerabilities and fixes from SCO is
available on the world-wide web at http://www.sco.com/security/

VI. Further Information:

If you have further questions, contact your support provider. If you need
to contact SCO, please send electronic mail to support@sco.COM, or contact
SCO as follows.

USA/Canada: 6am-5pm Pacific Time (PST/PDT)
-----------
    1-800-347-4381 (voice)
    1-408-427-5443 (fax)

Pacific Rim, Asia, and Latin American customers: 6am-5pm Pacific Time (PST/PDT)
------------------------------------------------
    1-408-425-4726 (voice)
    1-408-427-5443 (fax)

Europe, Middle East, Africa: 9am-5:30pm UK Time (GMT/BST)
----------------------------
    +44 (0)1923 816344 (voice)
    +44 (0)1923 817781 (fax)