[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20021122165238.C6994@caldera.com>
From: security at caldera.com (security@...dera.com)
Subject: Security Update: [CSSA-2002-053.0] Linux: gv execution of arbitrary shell commands
To: bugtraq@...urityfocus.com announce@...ts.caldera.com security-alerts@...uxsecurity.com full-disclosure@...ts.netsys.com
______________________________________________________________________________
SCO Security Advisory
Subject: Linux: gv execution of arbitrary shell commands
Advisory number: CSSA-2002-053.0
Issue date: 2002 November 22
Cross reference:
______________________________________________________________________________
1. Problem Description
gv can be forced to execute arbitrary shell commands by using
a buffer overflow.
2. Vulnerable Supported Versions
System Package
----------------------------------------------------------------------
OpenLinux 3.1.1 Server prior to gv-3.5.8-10.i386.rpm
prior to gv-doc-html-3.5.8-10.i386.rpm
OpenLinux 3.1.1 Workstation prior to gv-3.5.8-10.i386.rpm
prior to gv-doc-html-3.5.8-10.i386.rpm
OpenLinux 3.1 Server prior to gv-3.5.8-10.i386.rpm
prior to gv-doc-html-3.5.8-10.i386.rpm
OpenLinux 3.1 Workstation prior to gv-3.5.8-10.i386.rpm
prior to gv-doc-html-3.5.8-10.i386.rpm
3. Solution
The proper solution is to install the latest packages. Many
customers find it easier to use the Caldera System Updater, called
cupdate (or kcupdate under the KDE environment), to update these
packages rather than downloading and installing them by hand.
4. OpenLinux 3.1.1 Server
4.1 Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2002-053.0/RPMS
4.2 Packages
cb5eea88360c079d7d54177329e166c0 gv-3.5.8-10.i386.rpm
cdb3756c1b6a091afaf39de0dabf4596 gv-doc-html-3.5.8-10.i386.rpm
4.3 Installation
rpm -Fvh gv-3.5.8-10.i386.rpm
rpm -Fvh gv-doc-html-3.5.8-10.i386.rpm
4.4 Source Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2002-053.0/SRPMS
4.5 Source Packages
77808a8c99f8d4633d391be68386b409 gv-3.5.8-10.src.rpm
5. OpenLinux 3.1.1 Workstation
5.1 Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2002-053.0/RPMS
5.2 Packages
0bcae541db2c4789cf32cc7b23943c98 gv-3.5.8-10.i386.rpm
2c98eb1edba9735634561c1fca76a50b gv-doc-html-3.5.8-10.i386.rpm
5.3 Installation
rpm -Fvh gv-3.5.8-10.i386.rpm
rpm -Fvh gv-doc-html-3.5.8-10.i386.rpm
5.4 Source Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2002-053.0/SRPMS
5.5 Source Packages
21aedbec359aa6f089a33faa5351beaa gv-3.5.8-10.src.rpm
6. OpenLinux 3.1 Server
6.1 Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2002-053.0/RPMS
6.2 Packages
f806bd5555db9447219bc4cf7d8a6943 gv-3.5.8-10.i386.rpm
d2ec6637464a67324465aaa78fe4ce1c gv-doc-html-3.5.8-10.i386.rpm
6.3 Installation
rpm -Fvh gv-3.5.8-10.i386.rpm
rpm -Fvh gv-doc-html-3.5.8-10.i386.rpm
6.4 Source Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2002-053.0/SRPMS
6.5 Source Packages
08391461cbfe9285473837051dfa659e gv-3.5.8-10.src.rpm
7. OpenLinux 3.1 Workstation
7.1 Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2002-053.0/RPMS
7.2 Packages
2d02777949ff45ff5fded454dc20cc51 gv-3.5.8-10.i386.rpm
d18bed4ecc2e6770bb51566f8eb52568 gv-doc-html-3.5.8-10.i386.rpm
7.3 Installation
rpm -Fvh gv-3.5.8-10.i386.rpm
rpm -Fvh gv-doc-html-3.5.8-10.i386.rpm
7.4 Source Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2002-053.0/SRPMS
7.5 Source Packages
b3a98182f3c5667b255dff4b3cb887a0 gv-3.5.8-10.src.rpm
8. References
Specific references for this advisory:
http://www.epita.fr/~bevand_m/asa/asa-0000
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0838
iDEFENSE Security Advisory 09.26.2002
SCO security resources:
http://www.sco.com/support/security/index.html
This security fix closes SCO incidents sr869923, fz526236,
erg712135.
9. Disclaimer
SCO is not responsible for the misuse of any of the information
we provide on this website and/or through our security
advisories. Our advisories are a service to our customers intended
to promote secure installation and use of SCO products.
10. Acknowledgements
Marc Bevand and David Endler discovered and researched this
vulnerability.
______________________________________________________________________________
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 237 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20021122/4ad7a1b5/attachment.bin
Powered by blists - more mailing lists