COMMAND
kernel
SYSTEMS AFFECTED
SCO OpenServer 5,
SCO OpenServer 5.0.2,
SCO Internet FastStart 1.0.
PROBLEM
The Santa Cruz Operation has discovered the following problem
present in their software. A problem in a kernel error handling
routine may allow unauthorized root access to the system.
Any user with an account on the system may be able to gain root
access by forcibly causing a particular kernel error handling
routine to be executed. Gaining access would require the user to
intentionally write and then execute a program that exploits
this problem. Alternatively, a user could unintentionally allow
root access by executing a program previously written to take
advantage of the problem.
SOLUTION
SCO is providing the following Support Level Supplement (SLS)
to address the issue. It is recommended that all systems installed
with one of the above releases also have SLS oss436a installed.
SLS oss436a is available via anonymous ftp:
ftp://ftp.sco.COM/SLS/oss436a.Z (patch disk)
ftp://ftp.sco.COM/SLS/oss436a.ltr.Z (cover letter/install notes)