lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20031015183622.A29881@caldera.com>
Date: Wed, 15 Oct 2003 18:36:22 -0700
From: security@....com
To: announce@...ts.caldera.com, bugtraq@...urityfocus.com,
   full-disclosure@...ts.netsys.com
Subject: OpenServer 5.0.7 OpenServer 5.0.6 OpenServer 5.0.5 : Multiple security vulnerabilities in Xsco



To: announce@...ts.caldera.com bugtraq@...urityfocus.com full-disclosure@...ts.netsys.com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



______________________________________________________________________________

			SCO Security Advisory

Subject:		OpenServer 5.0.7 OpenServer 5.0.6 OpenServer 5.0.5 : Multiple security vulnerabilities in Xsco
Advisory number: 	CSSA-2003-SCO.26
Issue date: 		2003 October 10
Cross reference: 	sr862609 fz520528 erg712006 sr860995 fz520242 erg711972 CAN-2002-0158 CAN-2002-0164 
______________________________________________________________________________


1. Problem Description

	This supplement corrects two unrelated security problems in the
        SCO OpenServer "Xsco" X11 server.

        First,

	NSFOCUS Security Team has found a buffer overflow vulnerability
	in Xsun shipped with Solaris system when processing a
	command line parameter "-co", which could enable a local
	attacker to run arbitrary code with root user/root group
	privilege. 
	 
	Kevin Finisterre of Snosoft.com discovered that Xsco was also
	vulnerable. 
	 
	The Common Vulnerabilities and Exposures (CVE) project has assigned 
	the name CAN-2002-0158 to this issue. This is a candidate for 
	inclusion in the CVE list (http://cve.mitre.org), which standardizes 
	names for security problems. Candidates may change significantly
	before they become official CVE entries.

	Second,

	Roberto Zunino discovered a vulnerability in the MIT-SHM extension in
	all X servers that are running as root.

	Any user with local X access can exploit the MIT-SHM extension and gain
	read/write access to any shared memory segment on the system. 

	The Common Vulnerabilities and Exposures (CVE) project has assigned
        the name CAN-2002-0164 to this issue. This is a candidate for
        inclusion in the CVE list (http://cve.mitre.org), which standardizes
        names for security problems. Candidates may change significantly
        before they become official CVE entries.


2. Vulnerable Supported Versions

	System				Binaries
	----------------------------------------------------------------------
	OpenServer 5.0.7 		/usr/bin/X11/Xsco
	OpenServer 5.0.6 		/usr/bin/X11/Xsco
	OpenServer 5.0.5 		/usr/bin/X11/Xsco


3. Solution

	The proper solution is to install the latest packages.


4. OpenServer 5.0.7, OpenServer 5.0.6, OpenServer 5.0.5

	4.1 Location of Fixed Binaries

	ftp://ftp.sco.com/pub/updates/OpenServer/CSSA-2003-SCO.26


	4.2 Verification

	MD5 (VOL.000.000) = e7cbf7a8094ba43d44a6657a95673aeb
	MD5 (VOL.001.000) = 2eca28ac86436cec5fa7f059ab2fe850

	md5 is available for download from
		ftp://ftp.sco.com/pub/security/tools


	4.3 Installing Fixed Binaries

	Upgrade the affected binaries with the following sequence:

	1) Download the VOL* files to the /tmp directory

	2) Run the custom command, specify an install from media
	images, and specify the /tmp directory as the location of
	the images.


5. References

	Specific references for this advisory:
		http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0158 
		http://marc.theaimsgroup.com/?l=bugtraq&m=101776858410652&w=2 
		http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0000.html
		http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0164
		http://marc.theaimsgroup.com/?l=bugtraq&m=103547625009363&w=2
		http://xforce.iss.net/xforce/xfdb/8706
		http://www.securityfocus.com/bid/4396
		http://www.linuxsecurity.com/advisories/caldera_advisory-2006.html
		ftp://stage.caldera.com/pub/security/openunix/CSSA-2002-SCO.14/CSSA-2002-SCO.14.txt
	SCO security resources:

		http://www.sco.com/support/security/index.html

	This security fix closes SCO incidents sr862609 fz520528
	erg712006 sr860995 fz520242 erg711972


6. Disclaimer

	SCO is not responsible for the misuse of any of the information
	we provide on this website and/or through our security
	advisories. Our advisories are a service to our customers
	intended to promote secure installation and use of SCO
	products.

7. Acknowledgments

	SCO would like to thank the NSFOCUS Security Team for finding
        the "-co" vulnerability, and Kevin Finisterre of Snosoft.com for
        confirming its applicability to Xsco.  SCO would also like to
        thank Roberto Zunino for discovering the MIT-SHM vulnerability.

______________________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (SCO/UNIX_SVR5)

iD8DBQE/jfZSaqoBO7ipriERAjSbAJkBWpJMSXcQwLFnTTRgVa5vaEXGEgCfeSKa
yS0vg5xrMpoBo3zWeqgpsNQ=
=Abuh
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ