lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20021122165238.C6994@caldera.com>
From: security at caldera.com (security@...dera.com)
Subject: Security Update: [CSSA-2002-053.0] Linux: gv execution of arbitrary shell commands

To: bugtraq@...urityfocus.com announce@...ts.caldera.com security-alerts@...uxsecurity.com full-disclosure@...ts.netsys.com

______________________________________________________________________________

			SCO Security Advisory

Subject:		Linux: gv execution of arbitrary shell commands
Advisory number: 	CSSA-2002-053.0
Issue date: 		2002 November 22
Cross reference:
______________________________________________________________________________


1. Problem Description

	gv can be forced to execute arbitrary shell commands by using
	a buffer overflow.


2. Vulnerable Supported Versions

	System				Package
	----------------------------------------------------------------------

	OpenLinux 3.1.1 Server		prior to gv-3.5.8-10.i386.rpm
					prior to gv-doc-html-3.5.8-10.i386.rpm

	OpenLinux 3.1.1 Workstation	prior to gv-3.5.8-10.i386.rpm
					prior to gv-doc-html-3.5.8-10.i386.rpm

	OpenLinux 3.1 Server		prior to gv-3.5.8-10.i386.rpm
					prior to gv-doc-html-3.5.8-10.i386.rpm

	OpenLinux 3.1 Workstation	prior to gv-3.5.8-10.i386.rpm
					prior to gv-doc-html-3.5.8-10.i386.rpm


3. Solution

	The proper solution is to install the latest packages. Many
	customers find it easier to use the Caldera System Updater, called
	cupdate (or kcupdate under the KDE environment), to update these
	packages rather than downloading and installing them by hand.


4. OpenLinux 3.1.1 Server

	4.1 Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2002-053.0/RPMS

	4.2 Packages

	cb5eea88360c079d7d54177329e166c0	gv-3.5.8-10.i386.rpm
	cdb3756c1b6a091afaf39de0dabf4596	gv-doc-html-3.5.8-10.i386.rpm

	4.3 Installation

	rpm -Fvh gv-3.5.8-10.i386.rpm
	rpm -Fvh gv-doc-html-3.5.8-10.i386.rpm

	4.4 Source Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2002-053.0/SRPMS

	4.5 Source Packages

	77808a8c99f8d4633d391be68386b409	gv-3.5.8-10.src.rpm


5. OpenLinux 3.1.1 Workstation

	5.1 Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2002-053.0/RPMS

	5.2 Packages

	0bcae541db2c4789cf32cc7b23943c98	gv-3.5.8-10.i386.rpm
	2c98eb1edba9735634561c1fca76a50b	gv-doc-html-3.5.8-10.i386.rpm

	5.3 Installation

	rpm -Fvh gv-3.5.8-10.i386.rpm
	rpm -Fvh gv-doc-html-3.5.8-10.i386.rpm

	5.4 Source Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2002-053.0/SRPMS

	5.5 Source Packages

	21aedbec359aa6f089a33faa5351beaa	gv-3.5.8-10.src.rpm


6. OpenLinux 3.1 Server

	6.1 Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2002-053.0/RPMS

	6.2 Packages

	f806bd5555db9447219bc4cf7d8a6943	gv-3.5.8-10.i386.rpm
	d2ec6637464a67324465aaa78fe4ce1c	gv-doc-html-3.5.8-10.i386.rpm

	6.3 Installation

	rpm -Fvh gv-3.5.8-10.i386.rpm
	rpm -Fvh gv-doc-html-3.5.8-10.i386.rpm

	6.4 Source Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2002-053.0/SRPMS

	6.5 Source Packages

	08391461cbfe9285473837051dfa659e	gv-3.5.8-10.src.rpm


7. OpenLinux 3.1 Workstation

	7.1 Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2002-053.0/RPMS

	7.2 Packages

	2d02777949ff45ff5fded454dc20cc51	gv-3.5.8-10.i386.rpm
	d18bed4ecc2e6770bb51566f8eb52568	gv-doc-html-3.5.8-10.i386.rpm

	7.3 Installation

	rpm -Fvh gv-3.5.8-10.i386.rpm
	rpm -Fvh gv-doc-html-3.5.8-10.i386.rpm

	7.4 Source Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2002-053.0/SRPMS

	7.5 Source Packages

	b3a98182f3c5667b255dff4b3cb887a0	gv-3.5.8-10.src.rpm


8. References

	Specific references for this advisory:

		http://www.epita.fr/~bevand_m/asa/asa-0000
		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0838
		iDEFENSE Security Advisory 09.26.2002

	SCO security resources:

		http://www.sco.com/support/security/index.html

	This security fix closes SCO incidents sr869923, fz526236,
	erg712135.


9. Disclaimer

	SCO is not responsible for the misuse of any of the information
	we provide on this website and/or through our security
	advisories. Our advisories are a service to our customers intended
	to promote secure installation and use of SCO products.


10. Acknowledgements

	Marc Bevand and David Endler discovered and researched this
	vulnerability.

______________________________________________________________________________
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 237 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20021122/4ad7a1b5/attachment.bin

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ