COMMAND

    /usr/bin/X11/scoterm

SYSTEMS AFFECTED

    SCO Desktop/OpenServer 3.0 or OpenServer 5.0

PROBLEM

    The Santa Cruz Operation, Inc. (SCO) posted the following information.  A
    security vulnerability in the  implementation of scoterm has  been
    identified  which   could  allow   unprivileged  users   to   gain
    unauthorized root access to the system.  Any user with an  account
    on the system may be able to execute arbitrary commands with  root
    privileges.

    A  program  which  exploits  this  vulnerability  is in existence,
    although it is not currently being distributed.

SOLUTION

    There is a risk  that the exploit method  may be revealed, so  the
    patch should  be applied  as soon  as possible.   SCO is providing
    interim patches  to address  this issue  in the  form of  a System
    Security  Enhancement  (SSE)  package.   The  SSE package includes
    patches for all operating systems  listed above.  The SSE  package
    is available  for Internet  download via  anonymous ftp,  and from
    the SCOFORUM on CompuServe:

    *FTP*
        ftp://ftp.sco.COM/SSE/sse009.ltr    (cover letter, uncompressed)
        ftp://ftp.sco.COM/SSE/sse009.tar.Z  (new binaries, compressed tar file)

    *CompuServe*
    GO SCOFORUM, and search the file library for these filenames:
        SSE009.LTR      (cover letter, compressed)
        SSE009.TAZ      (new binaries, compressed tar file)

    If  you  are  for  some  reason  unable  to  access or install the
    patches, you  should temporarily  disable scoterm  by running  the
    following command as the root user:

        # chmod 0 /usr/bin/X11/scoterm