From: Rhonda Powers <rhondap@stage.sco.COM>
Subject: SSE info file
Date: Thu, 1 Jun 2000 14:04:05 GMT
Welcome to the System Security Enhancement (SSE) Area
----------------------------------------------------
The System Security Enhancement (SSE) directory is here to
provide timely fixes to problems with system security. Binaries
acquired from this directory are to be considered preliminary fixes
only, and have not been fully tested or integrated. As such, these
patches are not officially supported. They are provided as a timely
response to security concerns that have been brought to the
attention of The Santa Cruz Operation.
When final, approved patches are available, usually by a Support Level
Supplement, the README files below will be modified to indicate the
existence of the finalized version of the supplement.
SCO reserves the right to change the contents of these supplements at
any time.
These Supplements should be available in the following locations:
site          directory                    method
----          ---------                    ------
ftp.sco.COM:  /SSE                         Internet anonymous ftp
sosco:        /usr/spool/uucppublic/SSE    UUCP download, SOS
scolon:       /usr/spool/uucppublic/SSE    UUCP download, SOS
List of New System Security Enhancements
----------------------------------------
New on 23-Dec-99

sse054: Buffer overflow in in.i2odialogd
sse052: SCO UnixWare 7.1.1 mail clients.
sse051: SCO UnixWare 7.1.0 mail clients.
sse050: SCO OpenServer security patch.
sse049: SCO UnixWare 7.0.1 mail clients.
sse048: SCO UnixWare 7.0.0 mail clients.
sse047: Buffer overflows in xauto.
New on 21-DEC-99
sse045: Security patch for UnixWare 7.1.0
sse044: Security patch for UnixWare 7.0.1
sse043: Security patch for UnixWare 7.0.0
New on 03-DEC-99
sse046: Security patch for uidadmin.
New on 29-NOV-99
sse042: Security patch for xlock
sse041: Security patch for libnsl and tcpip.so.
New on 23-NOV-99
sse039: SU Security Patch
New on 16-NOV-99
sse033: BIND Security Update, regarding CERT CA-99.14
New on 19-OCT-99
sse035: UnixWare 2 specific ftp daemon security patch
sse034: Security patches for CERT CA-99.13, ftpd security issues.
New on 02-SEP-99
sse031: Denial of service problem in the passthru driver. Replacement driver for
UnixWare 7.1.0 only. Other UnixWare 7 releases are not affected.
sse030: Buffer overflow vulnerability in calendar manager service daemon,
rpc.cmsd, reported by CERT in advisory CA-99-08. Replacement binary for all
UnixWare 7 releases.
New on 06-AUG-99
sse029: Security vulnerability in mailcap. Replacement files for SCO UnixWare
7.1.0 and earlier releases.
New on 18-JUN-99
sse024b: Replacement xserver binary for SCO OpenServer 5, SCO Open Desktop/Open
Server 3, SCO UnixWare 2.1.x
New on 05-MAY-99
sse028: Security vulnerability in sendmail. Replacement files for SCO UnixWare
7.1.0 and earlier releases.
New on 26-APR-99
sse027: Packaging commands have unnecessary privilege. This problem exists on
UnixWare 7.1.0 only.
New on 25-MAR-99
sse026: Problems with file permissions in Netscape servers. This problem exists
in servers for UnixWare 7.0.0, 7.0.1 and UnixWare 2.1.x
New on 05-MAR-99
sse024: Replacement xserver binary for SCO OpenServer 5, SCO Open Desktop/Open
Server 3, SCO UnixWare 2.1.x
sse023: Revised version of rshd, for OpenServer 5.0.0, 5.0.2, 5.0.4
Replaces the rshd provided in SSE020 as an incompatibility has been
found.
sse022: Replacement Sendmail binaries for SCO OpenServer 5 and SCO UnixWare 7.
New on 26-FEB-99
sse021b: Replacement ftpd binary for SCO OpenServer 5 and SCO UnixWare 7
In revision b an extra ftpd was added for OpenServer 5.0.0 to fix
an incompatibility problem. The other binaries are unchanged.
sse021b is linked to sse021 which has been withdrawn.
New on 29-JAN-99:
sse020: Replacement rshd and scheme binaries for SCO OpenServer 5 /
SCO UnixWare 7 / SCO UnixWare 2.1
sse019: Replacement calserver binary for SCO OpenServer 5
sse018: Replacement bootpd binaries for SCO OpenServer 5 / SCO Open
Desktop/Open Server 3 / SCO UnixWare 7 / SCO UnixWare 2.1
New on 13-OCT-98:
sse017: Replacement (old version) rdist binaries for
OpenServer/Open Desktop/CMW+
New on 06-OCT-98:
sse016: Replacement mscreen binaries for Open Desktop/OpenServer
sse014b: Update of sse014, including binary for OpenServer 5.0.5
sse014: Has been removed
New on 15-SEP-98:
sse015: Replacement ToolTalk binaries for UnixWare 7
New on 17-JUL-98:
sse014: Replacement imapd binary for UnixWare 7
New on 15-JUL-98:
sse013: Replacement pop server binary
New on 08-APR-98:
sse012: Replacement named binaries
sse008b: Has been removed, as it is superseded by sse012
New on 16-MAR-98:
sse011: Replacement FTP daemon
New on 24-FEB-98:
sse010: Replacement TCP driver
New on 19-FEB-98:
sse009b: Replacement /usr/bin/X11/scoterm binary for OpenServer 3.0 platforms.
sse009: Has been removed and is superseded by:
For Open Server 5 platforms: ftp://stage.caldera.com/SLS/oss473a
For OpenServer 3 platforms : sse009b
New on 20-NOV-97:
sse009: Replacement /usr/bin/X11/scoterm binary
New on 04-SEP-97:
sse008b: Replacement named binary
sse008: Has been removed and is superseded by sse008b.
New on 13-AUG-97:
sse008: Replacement named binary
New on 10-JUNE-97:
sse007: Replacement /usr/bin/at binary
New on 19-FEB-97:
oss443a: Has been moved to the "SLS" directory.
oss443a: SCO Sendmail 8.7.6a Upgrade
CONNECTION INFORMATION
----------------------
For anonymous ftp connection:
-----------------------------
Directory Name: /SSE
ftp to ftp.caldera.com
Login name: ftp
Password: your email address
ftp to ftp.uu.net (NOTE: areas are located in the ./sco-archive directory)
Login name: ftp
Password: your email address
For anonymous UUCP connection:
------------------------------
Directory Name: /usr/spool/uucppublic/SSE
For USA, Canada, Pacific Rim, Asia and Latin America customers:
Machine name: sosco
Login name: uusls (fourth character is the letter "l")
No password
List of modems available for UUCP transfer from sosco:
V32, V32bis +408 425-3502
Telebit Trailblazer +408 429-1786
For Europe/Middle East/Africa customers there is a system located at
SCO EMEIA (London):
Machine name: scolon
Login name: uusls
Password: bbsuucp
List of modems available for UUCP transfer from scolon.caldera.com:
Dowty Trailblazer +44 (0) 1923 210911
V32 +44 (0) 1923 222681
For SCO Online Support (SOS) BBS download:
------------------------------------------
These supplements can be downloaded interactively via XMODEM, YMODEM,
ZMODEM or Kermit. Follow the menu selections under "Toolchest" from
the main SOS menu.
List of modems available for interactive transfer from SOS:
V32, V32bis +408 426-9495
Telebit Trailblazer +408 426-9525
Note: telnet access to SOS is available by telnetting to sos.caldera.com
For customers with access to CompuServe:
----------------------------------------
"GO SCOFORUM" - SSE files are in Library 11.
For ftp via World Wide Web:
---------------------------
URL to open: ftp://www.caldera.com
-------------------------------------------------------------------------------
List of available Security Enhancement (SSE) files:
Numbers in parentheses are checksums of the files, generated using the "sum"
utility with the -r option. Example: sum -r sse001.tar.Z
NOTE: These files are for downloading only. They CANNOT be obtained
from SCO on diskette.
NOTE: Please see the ".ltr" files for details of what security issues are
addressed by each Security Enhancement.
NOTE: Fixes for SCO Open Desktop/Open Server Release 3.0 are also
applicable to SCO UNIX 3.2v4 and/or SCO TCP/IP 1.2.
NOTE: Fixes for SCO OpenServer Release 5.0 are also applicable to
the SCO Internet FastStart product.
Size in bytes
File name (checksum) Description
-------------------------------------------------------------------------------
sse007.ltr.Z 1288 (65345) Replacement /usr/bin/at binary for:
sse007.tar.Z 119553 (49079) SCO CMW+ 3.0
SCO Open Desktop/Open Server Release 3.0
SCO OpenServer Release 5.0
SCO UnixWare 2.1
-------------------------------------------------------------------------------
sse009b.ltr 1641 (29367) Replacement /usr/bin/X11/scoterm binary for :
sse009b.tar.Z 148722 (59766) SCO Open Desktop/Open Server Release 3.0
NOTE: For OpenServer 5, the original sse009 has been superseded by:
ftp://stage.caldera.com/SLS/oss473a
-------------------------------------------------------------------------------
sse010.ltr 4371 (61746) Replacement TCP driver for:
sse010.tar.Z 202243 (39053) SCO OpenServer Release 5.0
SCO Open Desktop/Open Server Release 3.0
SCO UnixWare 2.1
SCO CMW+ 3.0
-------------------------------------------------------------------------------
sse011.ltr 2431 (22503) Replacement FTP daemon for
sse011.tar.Z 129969 (19774) SCO OpenServer Release 5.0.0, 5.0.2 and 5.0.4
SCO Open Desktop/Open Server Release 3.0
SCO UnixWare 2.1
SCO CMW+ 3.0
-------------------------------------------------------------------------------
sse012.ltr 2963 (47647) Replacement named binaries for:
sse012.tar.Z 1722386 (19726) SCO Open Desktop/Open Server Release 3.0
SCO OpenServer Release 5.0
SCO UnixWare 2.1
SCO UnixWare 7
-------------------------------------------------------------------------------
sse013.ltr 2030 (00215) Replacement pop server binary for
sse013.tar.Z 59911 (07838) SCO OpenServer 5.0.0, 5.0.2, 5.0.4
SCO Internet FastStart Release 1.0, 1.1
(posted 15-JUL-98)
------------------------------------------------------------------------------
sse014b.ltr 2338 (38104) Replacement imapd binaries for
sse014b.tar.Z 336879 (31525) SCO UnixWare 7
SCO OpenServer 5.0.5
(posted 17-JUL-98, updated 06-OCT-98)
------------------------------------------------------------------------------
sse015.ltr 2309 (05859) Replacement ToolTalk binaries for
sse015.tar.Z 331379 (20376) SCO UnixWare 7
(posted 15-SEP-98)
------------------------------------------------------------------------------
sse016.ltr 2488 (15726) Replacement mscreen binaries for
sse016.tar.Z 32602 (31228) SCO OpenServer 5
SCO Open Desktop/Open Server 3
(posted 06-OCT-98)
------------------------------------------------------------------------------
sse017.ltr 2682 (35378) Replacement (old version) rdist binaries for:
sse017.tar.Z 165709 (52472) SCO OpenServer 5
SCO Open Desktop/Open Server 3
SCO CMW+ 3
(posted 13-OCT-98)
-------------------------------------------------------------------------------
sse018.ltr 2240 (03397) Replacement bootpd binaries for:
sse018.tar.Z 166071 (09381) SCO OpenServer 5
SCO Open Desktop/Open Server 3
SCO UnixWare 7
SCO UnixWare 2.1
(posted 15-JAN-99)
-------------------------------------------------------------------------------
sse019.ltr 1733 (22999) Replacement calserver binary for:
sse019.tar.Z 242141 (59282) SCO OpenServer 5
(posted 27-JAN-99)
-------------------------------------------------------------------------------
sse020.ltr 2310 (09282) Replacement rshd and scheme binaries for
sse020.tar.Z 157380 (08641) SCO OpenServer 5
SCO UnixWare 7
SCO UnixWare 2.1
(posted 15-JAN-99)
-------------------------------------------------------------------------------
sse021b.ltr 1892 (11467) Replacement ftpd binary for
sse021b.tar.Z 234471 (25002) SCO OpenServer 5
SCO UnixWare 7
(posted 26-FEB-99)
-------------------------------------------------------------------------------
sse022.ltr 5473 (41133) Replacement Sendmail binaries
sse022.tar 1034240 (28239) SCO OpenServer 5
SCO UnixWare 7
(posted 05-MAR-99)
-------------------------------------------------------------------------------
sse023.ltr 1389 (59630) Replacement rshd binary for OpenServer.
sse023.tar.Z 35518 (39944) OpenServer 5.00, 5.02, 5.04. Not 5.0.5.
(posted 05-MAR-99)
-------------------------------------------------------------------------------
sse024b.ltr 2552 (48156) Replacement xserver binary for
sse024b.tar.Z 2324651 (54200) SCO OpenServer 5
SCO UnixWare 2.1
SCO Open Desktop/Open Server 3
(posted 18-JUN-99)
-------------------------------------------------------------------------------
sse026.ltr 1497 (12930) Corrects file permissions for Netscape servers
sse026.tar.Z 8076 (59538) in the following cases,
SCO UnixWare 2.1.3 :
Netscape FastTrack Server 2.0
Netscape Enterprise Server 2.0
Netscape Proxy Server 2.5
SCO UnixWare 7.0.1 and 7.0.0 systems:
Netscape FastTrack 2.01
-------------------------------------------------------------------------------
sse027.ltr 2520 (03398) Packaging commands have unnecessary privilege.
This problem exists in UW7.1.0 only.
See ptf7408 for fix.
-------------------------------------------------------------------------------
sse028.ltr 976 (26920) Security vulnerability in sendmail.
sse028.tar 61440 (30786) Replacement files SCO UnixWare 7.1.0 and
earlier releases.
-------------------------------------------------------------------------------
sse029.ltr 1117 (26655) Security vulnerability in mailcap.
sse029.tar 40960 (46097) Replacement files SCO UnixWare 7.1.0 and
earlier releases.
(posted on 06-AUG-99)
-------------------------------------------------------------------------------
sse030.ltr 1224 (27428) Buffer overflow in rpc.cmsd.
sse030.tar 184320 (43815) Replacement binary for all SCO UnixWare 7
releases.
-------------------------------------------------------------------------------
sse031.ltr 1051 (01243) Denial of service problem in passthru driver.
sse031.tar 40960 (39359) Replacement driver for UnixWare 7.1.0 only.
-------------------------------------------------------------------------------
sse033.ltr 1217 (59310) BIND Security Update
sse033.tar.Z 2568757 (05513) Replacement binaries for UnixWare 2 and 7.
-------------------------------------------------------------------------------
sse034.ltr 1007 (06014) Ftp daemon security hole.
sse034.tar.Z 143891 (60689) Replacement binaries for UnixWare 2.x.x only.
-------------------------------------------------------------------------------
sse035.ltr 979 (65490) Ftp daemon security hole.
sse035.tar.Z 114363 (54398) Replacement binaries for UnixWare 7.x.x only.
-------------------------------------------------------------------------------
sse036.ltr 1527 (42905) Ftp daemon security hole.
sse036.tar.Z 93379 (27264) Replacement binaries for OpenServer 5.0.0 through
5.0.0.
-------------------------------------------------------------------------------
sse037.ltr 2278 (56674) Multiple Vulnerabilities Found In OpenServer
sse037.tar.Z 691900 (53588) Replacement binaries for OpenServer 5.0.0 through
5.0.0.
-------------------------------------------------------------------------------
sse039.ltr 1118 (01787) SU Security Patch
sse039.tar.Z 283775 (53627) Replacement binaries for UnixWare 2.1.3 and 7
through 7.1.1
-------------------------------------------------------------------------------
sse041.ltr 1503 (63737) Security patch for libnsl and tcpip.so.
sse041.tar.Z 86679 (12292) Replacement binaries for UnixWare 7.0.0 through
UnixWare 7.1.0
-------------------------------------------------------------------------------
sse042.ltr 892 (60662) Security patch for xlock.
sse042.tar 81920 (14590) Replacement binaries for UnixWare 7.0.0 through
UnixWare 7.1.1.
-------------------------------------------------------------------------------
sse043-044-045.ltr 1557 (50683) UnixWare 7.0.0 Security Patch.
sse043.tar 378890 (61191) Replacement binaries for UnixWare 7.0.0.
-------------------------------------------------------------------------------
sse043-044-045.ltr 1557 (50683) UnixWare 7.0.1 Security Patch.
sse044.tar 440320 (02309) Replacement binaries for UnixWare 7.0.1.
-------------------------------------------------------------------------------
sse043-044-045.ltr 1557 (50683) UnixWare 7.1.0 Security Patch.
sse045.tar 389120 (61168) Replacement binaries for UnixWare 7.1.0.
-------------------------------------------------------------------------------
sse046.ltr 962 (27279) uidadmin patch.
sse046.tar 40068 (20912) Replacement binaries for UnixWare 7.0.0 -
UnixWare 7.1.1.
-------------------------------------------------------------------------------
sse047.ltr 1084 (03917) xauto patch.
122880 (08473) Replacement binaries for SCO UnixWare
7.0.0 - 7.1.1. SCO UnixWare 2.
-------------------------------------------------------------------------------
sse048-049-051-052.ltr 1996 (18007) UnixWare 7.0.0 mail clients
sse048.tar 1208320 (30114) Replacement binaries for UnixWare 7.0.0
-------------------------------------------------------------------------------
sse048-049-051-052.ltr 1996 (18007) UnixWare 7.0.1 mail clients
sse049.tar 1239040 (61342) Replacement binaries for UnixWare 7.0.1
-------------------------------------------------------------------------------
sse050.ltr 3072 (64202) OpenServer security patch.
sse050.tar.Z 3730103 (04383) Replacement binaries for OpenServer
5.0.5 only.
-------------------------------------------------------------------------------
sse048-049-051-052.ltr 1996 (18007) UnixWare 7.1.0 mail clients
sse051.tar 1228800 (05355) Replacement binaries for UnixWare 7.1.0
-------------------------------------------------------------------------------
sse048-049-051-052.ltr 1996 (18007) UnixWare 7.1.1 mail clients
sse052.tar 1228800 (34873) Replacement binaries for UnixWare 7.1.1
-------------------------------------------------------------------------------
sse054.ltr 1207 (35151) Buffer overflow in in.i2odialogd
sse054.tar 40960 (15473) Replacement binary for SCO UnixWare
7.0.0 - 7.1.1
-------------------------------------------------------------------------------