lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <20040730202738.98305161B5@helix.pdev.ca.sco.com>
Date: Fri, 30 Jul 2004 13:27:38 -0700 (PDT)
From: please_reply_to_security@....com
To: security-announce@...t.sco.com, bugtraq@...urityfocus.com,
   full-disclosure@...ts.netsys.com
Subject: OpenServer 5.0.6 OpenServer 5.0.7 : uudecode does not check for symlink or pipe



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


______________________________________________________________________________

			SCO Security Advisory

Subject:		OpenServer 5.0.6 OpenServer 5.0.7 : uudecode does not check for symlink or pipe
Advisory number: 	SCOSA-2004.12
Issue date: 		2004 July 29
Cross reference:	sr864864 fz527541 erg712054 CAN-2002-0178
______________________________________________________________________________


1. Problem Description

	The uudecode utility would create an output file without
	checking to see if it was about to write to a symlink or a
	pipe. If a user uses uudecode to extract data into open
	shared directories, such as /tmp, this vulnerability could
	be used by a local attacker to overwrite files or lead to
	privilege escalation. 

	The Common Vulnerabilities and Exposures project (cve.mitre.org) 
	has assigned the name CAN-2002-0178 to this issue.


2. Vulnerable Supported Versions

	System				Binaries
	----------------------------------------------------------------------
	OpenServer 5.0.6 		/usr/bin/uudecode
	OpenServer 5.0.7 		/usr/bin/uudecode

3. Solution

	The proper solution is to install the latest packages.

4. OpenServer 5.0.6

	4.1 First install oss646b or later

	4.2 Location of oss646c

	ftp://ftp.sco.com/pub/openserver5/oss646c/

        4.3 Verification of oss646c

        MD5 (VOL.000.000) = f19b6c6949f615316bfb075d249989e8
        MD5 (VOL.000.001) = 341ff8553aecd2c7b0c2beaf83030d0f
        MD5 (VOL.000.002) = 6e46708ad8029e12280d4f9ac60ab814
        MD5 (VOL.000.003) = 2868b64a6a6db742adb3b485be645d7e
        MD5 (VOL.000.004) = 1696fe1db9bb063827ee5e76e58dff84
        MD5 (VOL.000.005) = f39da342f8af72fcaccdf478dca04109
        MD5 (VOL.000.006) = 2b31611c8af7d2e7910d6e8e3cf701a6
        MD5 (VOL.000.007) = d0175c0f4e3ed29435b1eab95609f8f4
        MD5 (VOL.000.008) = aa9e8a525c341fed077f981b1dacb486
        MD5 (VOL.000.009) = 8e023af67b57507824406bdda322079a
        MD5 (VOL.000.010) = 2b46e8adba8ae0b64109f2069da978a2

	4.4 Location of Fixed Binaries

	ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.12

	4.5 Verification

	MD5 (VOL.000.000) = 53e8739812e5bfd7f3504d467e979019

	md5 is available for download from
		ftp://ftp.sco.com/pub/security/tools


	4.6 Installing Fixed Binaries

	Upgrade the affected binaries with the following sequence:

	1) Download the VOL* files to the /tmp directory

	2) Run the custom command, specify an install from media
	images, and specify the /tmp directory as the location of
	the images.


5. OpenServer 5.0.7

	5.1 Location of Fixed Binaries

	ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.12

	The fixes are also available in SCO OpenServer Release 5.0.7
        Maintenance Pack 3 or later.  See
        http://www.sco.com/support/update/download/osr507list.html.

	5.2 Verification

	MD5 (VOL.000.000) = 53e8739812e5bfd7f3504d467e979019

	MD5 (507mp3_vol.tar) = c927aefdd50b50aca5d29e08c1562aec

	md5 is available for download from
		ftp://ftp.sco.com/pub/security/tools


	5.3 Installing Fixed Binaries

	Upgrade the affected binaries with the following sequence:

	1) Download the VOL* files to the /tmp directory

	2) Run the custom command, specify an install from media
	images, and specify the /tmp directory as the location of
	the images.

	Or see the Maintenance Pack 3 Release and Installation Notes at

        ftp://ftp.sco.com/pub/openserver5/507/mp/mp3/osr507mp3.txt


6. References

	Specific references for this advisory:
		http://www.aerasec.de/security/index.html?id=ae-200204-033&lang=en 
		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0178

	SCO security resources:
		http://www.sco.com/support/security/index.html
	SCO security advisories via email
		http://www.sco.com/support/forums/security.html

	This security fix closes SCO incidents sr864864 fz527541
	erg712054.


7. Disclaimer

	SCO is not responsible for the misuse of any of the information
	we provide on this website and/or through our security
	advisories. Our advisories are a service to our customers
	intended to promote secure installation and use of SCO
	products.

______________________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (SCO/UNIX_SVR5)

iD8DBQFBCqGmaqoBO7ipriERAiTGAJsFXtXRf+Gp7oo6F8W6Un5uLm01CQCbBPPk
YHPyFvekzIswp7A8jQAuw34=
=9v1h
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ