===========================================================================
SCO Security Bulletin 2000.15 (SB-00.15)
9 August 2000
---------------------------------------------------------------------------
Vulnerability in /usr/lib/libX11 and /usr/lib/libXt 
---------------------------------------------------------------------------

The Santa Cruz Operation has discovered the following problem present in
our software:

I.   Description
           When the environment variable "HOME" is set to a *large*
           string that is greater than 2K,  memory corruption occurs, 
           which results in incorrect results or segmentation violation errors.

II.  Impact
           
           After calling "getenv" to get the value of $HOME,
           the value is copied to a buffer (max size 2K) blindly 
           without checking the size of the returned value. 
           This causes memory corruption.

	   Some X clients execute with setuid root. Memory corruption
	   can be used to exploit this vulnerability.


III. Releases

     This problem exists on the following releases of SCO operating systems:

     - SCO OpenServer 5.0.5, 5.0.4, 5.0.2, 5.0.0



IV. Solution

     SCO is providing interim patches to address this issue in the form
     of a System Security Enhancement (SSE) package.  

     The SSE package is available for Internet download via anonymous
     ftp.


You can download the patches as follows:

Anonymous ftp	(World Wide Web URL)
-------------
  
For OpenServer 5 platforms:  

       ftp://ftp.sco.com/SSE/sse069c.tar.Z (tar archive)
       ftp://ftp.sco.com/SSE/sse069c.ltr (cover letter)


Checksums
---------

sum -r

54762     5 sse069c.ltr

08450  1372 sse069c.tar.Z


Updates:

This bulletin is available for anonymous ftp download from 
ftp://ftp.sco.COM/SSE/security_bulletins/SB-00.15c, and will be
updated as new information becomes available.


Further Information:

If you have further questions, contact your support provider.  If you
need to contact SCO, please send electronic mail to support@sco.COM, or
contact SCO as follows. 

        USA/Canada: 6am-5pm Pacific Time (PST/PDT)
        -----------
        1-800-347-4381  (voice)
        1-408-427-5443  (fax)

        Pacific Rim, Asia, and Latin American customers: 6am-5pm Pacific
        ------------------------------------------------ Time (PST/PDT)
        1-408-425-4726  (voice)
        1-408-427-5443  (fax)

        Europe, Middle East, Africa: 9am-5:30pm UK Time (GMT/BST)
        ----------------------------
        +44 (0)1923 816344 (voice)
        +44 (0)1923 817781 (fax)