| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: security at caldera.com (security@...dera.com) Subject: Security Update: [CSSA-2002-048.0] Linux: wwwoffled remote access vulnerability To: bugtraq@...urityfocus.com announce@...ts.caldera.com security-alerts@...uxsecurity.com full-disclosure@...ts.netsys.com ______________________________________________________________________________ SCO Security Advisory Subject: Linux: wwwoffled remote access vulnerability Advisory number: CSSA-2002-048.0 Issue date: 2002 November 18 Cross reference: ______________________________________________________________________________ 1. Problem Description wwwoffled allows remote attackers to cause a denial of service and possibly execute arbitrary code via a negative Content-Length value. 2. Vulnerable Supported Versions System Package ---------------------------------------------------------------------- OpenLinux 3.1.1 Workstation prior to wwwoffle-2.6b-3MR.i386.rpm OpenLinux 3.1 Workstation prior to wwwoffle-2.6b-3MR.i386.rpm 3. Solution The proper solution is to install the latest packages. Many customers find it easier to use the Caldera System Updater, called cupdate (or kcupdate under the KDE environment), to update these packages rather than downloading and installing them by hand. 4. OpenLinux 3.1.1 Workstation 4.1 Package Location ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2002-048.0/RPMS 4.2 Packages d54de95d9db4d19501e6b50ef63f2e31 wwwoffle-2.6b-3MR.i386.rpm 4.3 Installation rpm -Fvh wwwoffle-2.6b-3MR.i386.rpm 4.4 Source Package Location ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2002-048.0/SRPMS 4.5 Source Packages 1e8f25979fdc99dc6b3652927fa1a98a wwwoffle-2.6b-3MR.src.rpm 5. OpenLinux 3.1 Workstation 5.1 Package Location ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2002-048.0/RPMS 5.2 Packages c75848533ab650ef06bb7910eca73946 wwwoffle-2.6b-3MR.i386.rpm 5.3 Installation rpm -Fvh wwwoffle-2.6b-3MR.i386.rpm 5.4 Source Package Location ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2002-048.0/SRPMS 5.5 Source Packages 9b8e3cf1987bc4d08cf9782eea2e2c9e wwwoffle-2.6b-3MR.src.rpm 6. References Specific references for this advisory: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0818 SCO security resources: http://www.sco.com/support/security/index.html This security fix closes SCO incidents sr867510, fz525781, erg501645. 7. Disclaimer SCO is not responsible for the misuse of any of the information we provide on this website and/or through our security advisories. Our advisories are a service to our customers intended to promote secure installation and use of SCO products. ______________________________________________________________________________ -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 237 bytes Desc: not available Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20021118/117cfbb6/attachment.bin
Powered by blists - more mailing lists