===========================================================================
SCO Security Bulletin 99.24
23rd-December-1999
Security holes in mail clients
---------------------------------------------------------------------------

I.   Description

	Security problems have been found in the deliver mechanism of the
        UnixWare 7 mail clients. This SSE corrects this problem.

II.  Impact

	Without this patch, unauthorized users may gain privileges. This problem
	has been reported to internet mailing lists, so this patch should be 
	applied immediately.

III. Releases

	This SSE contains binaries for: 

	UnixWare 7.0.0 - UnixWare 7.1.1

	SSE048 - UnixWare 7.0.0
	SSE049 - UnixWare 7.0.1
	SSE051 - UnixWare 7.1.0
	SSE052 - UnixWare 7.0.0

IV.  Solution

SCO is providing an interim patch to address this issue in the form of a
System Security Enhancement (SSE) package.


SSE048 contains replacement binaries for UnixWare 7.0.0. It is available for 
Internet download via anonymous ftp.

You can download the SSE package as follows:

Anonymous ftp (World Wide Web URL):

    ftp://ftp.sco.COM/SSE/sse048-049-051-052.ltr    (cover letter, ASCII text)
    ftp://ftp.sco.COM/SSE/sse048.tar  (new binaries)


SSE049 contains replacement binaries for UnixWare 7.0.1. It is available for 
Internet download via anonymous ftp.

You can download the SSE package as follows:

Anonymous ftp (World Wide Web URL):

    ftp://ftp.sco.COM/SSE/sse048-049-051-052.ltr    (cover letter, ASCII text)
    ftp://ftp.sco.COM/SSE/sse049.tar  (new binaries)


SSE051 contains replacement binaries for UnixWare 7.1.0. It is available for 
Internet download via anonymous ftp.

You can download the SSE package as follows:

Anonymous ftp (World Wide Web URL):

    ftp://ftp.sco.COM/SSE/sse048-049-051-052.ltr    (cover letter, ASCII text)
    ftp://ftp.sco.COM/SSE/sse051.tar  (new binaries)


SSE052 contains replacement binaries for UnixWare 7.1.1. It is available for 
Internet download via anonymous ftp.

You can download the SSE package as follows:

Anonymous ftp (World Wide Web URL):

    ftp://ftp.sco.COM/SSE/sse048-049-051-052.ltr    (cover letter, ASCII text)
    ftp://ftp.sco.COM/SSE/sse052.tar  (new binaries)


Checksums (sum -r):

	18007     4 sse048-049-051-052.ltr
	30114  2360 sse048.tar
	61342  2420 sse049.tar
	05355  2400 sse051.tar
	34873  2400 sse052.tar

V.   Updates

This bulletin is available for anonymous ftp download from 
ftp://ftp.sco.COM/SSE/security_bulletins/SB.99-24a, and will be
updated as new information becomes available.

The latest information on security vulnerabilities and fixes from
SCO is available on the world-wide web at http://www.sco.com/security/

VI.  Further Information:

If you have further questions, contact your support provider.  If you
need to contact SCO, please send electronic mail to support@sco.COM, or
contact SCO as follows. 

    USA/Canada: 6am-5pm Pacific Time (PST/PDT)
    -----------
    1-800-347-4381  (voice)
    1-408-427-5443  (fax)

    Pacific Rim, Asia, and Latin American customers: 6am-5pm Pacific
    ------------------------------------------------ Time (PST/PDT)
    1-408-425-4726  (voice)
    1-408-427-5443  (fax)

    Europe, Middle East, Africa: 9am-5:30pm UK Time (GMT/BST)
    ----------------------------
    +44 (0)1923 816344 (voice)
    +44 (0)1923 817781 (fax)