lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20030121140918.F14771@sco.com>
From: security at caldera.com (security@...dera.com)
Subject: Security Update: [CSSA-2003-005.0] Linux: canna buffer overflow and denial of service

To: bugtraq@...urityfocus.com announce@...ts.caldera.com security-alerts@...uxsecurity.com full-disclosure@...ts.netsys.com


______________________________________________________________________________

			SCO Security Advisory

Subject:		Linux: canna buffer overflow and denial of service
Advisory number: 	CSSA-2003-005.0
Issue date: 		2003 January 21
Cross reference:
______________________________________________________________________________


1. Problem Description

	Buffer overflow in canna allows local users to execute
	arbitrary code as the bin user.

	canna does not properly validate requests, which allows remote
	attackers to cause a denial of service or information leak.


2. Vulnerable Supported Versions

	System				Package
	----------------------------------------------------------------------

	OpenLinux 3.1.1 Server		prior to canna-3.5b2-8.i386.rpm
					prior to canna-devel-3.5b2-8.i386.rpm
					prior to canna-devel-static-3.5b2-8.i386.rpm

	OpenLinux 3.1.1 Workstation	prior to canna-3.5b2-8.i386.rpm
					prior to canna-devel-3.5b2-8.i386.rpm
					prior to canna-devel-static-3.5b2-8.i386.rpm


3. Solution

	The proper solution is to install the latest packages. Many
	customers find it easier to use the Caldera System Updater, called
	cupdate (or kcupdate under the KDE environment), to update these
	packages rather than downloading and installing them by hand.


4. OpenLinux 3.1.1 Server

	4.1 Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-005.0/RPMS

	4.2 Packages

	91acd89bd9041e06c0a22e4d73b5bb1f	canna-3.5b2-8.i386.rpm
	890df673f86a9e3ef23d1770e75cc5e8	canna-devel-3.5b2-8.i386.rpm
	513aedd7b706851975e4cee968a2c66a	canna-devel-static-3.5b2-8.i386.rpm

	4.3 Installation

	rpm -Fvh canna-3.5b2-8.i386.rpm
	rpm -Fvh canna-devel-3.5b2-8.i386.rpm
	rpm -Fvh canna-devel-static-3.5b2-8.i386.rpm

	4.4 Source Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-005.0/SRPMS

	4.5 Source Packages

	3e92b7252f01b1cb0e074cbe1bcd9227	canna-3.5b2-8.src.rpm


5. OpenLinux 3.1.1 Workstation

	5.1 Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2003-005.0/RPMS

	5.2 Packages

	198b5ab5f66121a177db0090a727552d	canna-3.5b2-8.i386.rpm
	17f7e5c1090eae3842b0e96e24d24852	canna-devel-3.5b2-8.i386.rpm
	00c131c99ffc54975e1a7c1b2b95441f	canna-devel-static-3.5b2-8.i386.rpm

	5.3 Installation

	rpm -Fvh canna-3.5b2-8.i386.rpm
	rpm -Fvh canna-devel-3.5b2-8.i386.rpm
	rpm -Fvh canna-devel-static-3.5b2-8.i386.rpm

	5.4 Source Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2003-005.0/SRPMS

	5.5 Source Packages

	e824ab48c8e0e363d36ed1ad6b105b0c	canna-3.5b2-8.src.rpm


6. References

	Specific references for this advisory:

		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1158
		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1159

	SCO security resources:
		http://www.sco.com/support/security/index.html

	This security fix closes SCO incidents sr873579, fz527128,
	erg712199.


7. Disclaimer

	SCO is not responsible for the misuse of any of the information
	we provide on this website and/or through our security
	advisories. Our advisories are a service to our customers intended
	to promote secure installation and use of SCO products.


8. Acknowledgements

	Shinra Aida of the Canna project and "hsj" of Shadow Penguin
	Security discovered and researched these vulnerabilities.

______________________________________________________________________________
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 237 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20030121/f4750914/attachment.bin

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ