===========================================================================
SCO Security Bulletin 2000.16 (SB-00.16)
08-Aug-2000
---------------------------------------------------------------------------
Privilege giveaway to scohelp from setuid program
---------------------------------------------------------------------------

I.   Description

We've recently discovered that privilege is given away to scohelp when it is
invoked from a setuid program.

This problem exists in all OpenServer 5 revisions up to and including 5.0.6.

II.  Impact

Local users running any graphical setuid program that invokes scohelp
can read and write admin-privileged files.


III. Releases

OpenServer version 5.0.0 - 5.0.6.

IV.  Solution

An immediate fix not involving updating binaries is to remove the setuid
bit from scoterm and scolock:
    chmod u-s /usr/bin/X11/scoterm /usr/bin/X11/scolock
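The following script is an added example, not part of the SCO bulletin or
SSE071: it reports whether the two binaries named above still carry the
setuid bit and can strip it, so the workaround can be verified before the
patch is applied and re-checked after the replacement binaries are installed.
The paths are the bulletin's; everything else is assumed.

```shell
#!/bin/sh
# Added example (not SCO's code): audit and remediate the setuid bit on the
# binaries named in SB-00.16.

# setuid_state FILE
#   prints "setuid" if FILE has the set-user-ID bit, "clean" otherwise;
#   returns 2 if FILE does not exist.
setuid_state() {
    [ -e "$1" ] || return 2
    if [ -u "$1" ]; then
        echo setuid
    else
        echo clean
    fi
}

# strip_setuid FILE...
#   removes the set-user-ID bit from each FILE that has it and prints the
#   number of files changed (missing or already-clean files are skipped).
strip_setuid() {
    changed=0
    for f in "$@"; do
        if [ -u "$f" ]; then
            chmod u-s "$f" && changed=$((changed + 1))
        fi
    done
    echo "$changed"
}

# Report the state of the bulletin's binaries; prints "missing" on hosts
# that do not have them (e.g. when run somewhere other than OpenServer 5).
for f in /usr/bin/X11/scoterm /usr/bin/X11/scolock; do
    printf '%s: %s\n' "$f" "$(setuid_state "$f" || echo missing)"
done
```

Run `strip_setuid /usr/bin/X11/scoterm /usr/bin/X11/scolock` as root to
apply the workaround; re-run the report after installing SSE071 to confirm
the replacement binaries are in the state SCO intends.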

SCO is providing an interim patch to address this issue in the form of a
System Security Enhancement (SSE) package.

SSE071 contains replacement binaries for OpenServer 5, and is
available for Internet download via anonymous ftp and http.

You can download the SSE package as follows:

Anonymous ftp (World Wide Web URL):

    ftp://ftp.sco.COM/SSE/sse071.ltr    (cover letter, ASCII text)
    ftp://ftp.sco.COM/SSE/sse071.tar.Z  (new binaries, compressed tar file)


Checksums (sum -r; columns are checksum, block count, file name):

	14812     5 sse071.ltr
	45777   535 sse071.tar.Z

V.   Updates

This bulletin is available for anonymous ftp download from
ftp://ftp.sco.COM/SSE/security_bulletins/SB-00.16a, and will be
updated as new information becomes available.

The latest information on security vulnerabilities and fixes from
SCO is available on the world-wide web at http://www.sco.com/security/

VI.  Further Information:

If you have further questions, contact your support provider.  If you
need to contact SCO, please send electronic mail to support@sco.COM, or
contact SCO as follows.

    USA/Canada: 6am-5pm Pacific Time (PST/PDT)
    -----------
    1-800-347-4381  (voice)
    1-408-427-5443  (fax)

    Pacific Rim, Asia, and Latin American customers: 6am-5pm Pacific Time (PST/PDT)
    ------------------------------------------------
    1-408-425-4726  (voice)
    1-408-427-5443  (fax)

    Europe, Middle East, Africa: 9am-5:30pm UK Time (GMT/BST)
    ----------------------------
    +44 (0)1923 816344 (voice)
    +44 (0)1923 817781 (fax)

