===========================================================================
SCO Security Bulletin 97:01
June 11, 1997
Vulnerability in /usr/bin/at
---------------------------------------------------------------------------

The Santa Cruz Operation has discovered the following problem present in
our software:

I.   Description

     A programming error in /usr/bin/at has been identified which could
     allow unauthorized access to the system. The resulting access could lead
     to unauthorized root access to the system.

II.  Impact
        
     Any user with an account on the system may be able to gain
     unauthorized access to system or user files, which may then lead to
     unauthorized root access.

     Although there have been no reported instances of this vulnerability
     being exploited on SCO operating systems, the potential for security
     compromise does exist, and the patch should be applied as soon as possible.

III. Releases

     This problem exists on all current releases of SCO operating systems:

     - SCO CMW+ 3.0
     - SCO Open Desktop/Open Server 3.0, SCO UNIX 3.2v4
     - SCO OpenServer 5.0
     - SCO UnixWare 2.1

IV. Solution

     SCO is providing interim patches to address this issue in the form
     of a System Security Enhancement (SSE) package.  The SSE package
     includes patches for all operating systems listed above.

     Currently the SSE package is available for Internet download via
     anonymous ftp, and from the SCOFORUM on Compuserve.

     if you are for some reason unable to access or install the patches,
     you should temporarily disable /usr/bin/at by running the following
     command as the root user:

	# chmod 0 /usr/bin/at


You can download the SSE package as follows:

Anonymous ftp	(World Wide Web URL)
-------------

	ftp://ftp.sco.COM/SSE/sse007.ltr.Z     (cover letter, compressed)
	ftp://ftp.sco.COM/SSE/sse007.tar.Z     (new binaries, compressed tar file)

Compuserve
----------

     GO SCOFORUM, and search the file library for these filenames:

	SSE007.LTZ	(cover letter, compressed)
	SSE007.TAZ	(new binaries, compressed tar file)

Checksums
---------

sum -r

65345     3 sse007.ltr.Z
49079   234 sse007.tar.Z


Updates:

This bulletin is available for anonymous ftp download from 
ftp://ftp.sco.COM/SSE/security_bulletins/SB.97:01b, and will be
updated as new information becomes available.

June 16, 1997 - updated patch availability information.


Further Information:

If you have further questions, contact your support provider.  If you
need to contact SCO, please send electronic mail to support@sco.COM, or
contact SCO as follows. 

        USA/Canada: 6am-5pm Pacific Time (PST/PDT)
        -----------
        1-800-347-4381  (voice)
        1-408-427-5443  (fax)

        Pacific Rim, Asia, and Latin American customers: 6am-5pm Pacific
        ------------------------------------------------ Time (PST/PDT)
        1-408-425-4726  (voice)
        1-408-427-5443  (fax)

        Europe, Middle East, Africa: 9am-5:30pm UK Time (GMT/BST)
        ----------------------------
        +44 (0)1923 816344 (voice)
        +44 (0)1923 817781 (fax)