| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: dotslash at snosoft.com (KF) Subject: Security Update: [CSSA-2003-SCO.4] UnixWare 7.1.1 Open UNIX 8.0.0 UnixWare 7.1.3 : Lax permissions on /dev/X did you ever resolve the xhost + issue? -KF security@...dera.com wrote: >To: bugtraq@...urityfocus.com announce@...ts.caldera.com scoannmod@...itec.on.ca full-disclosure@...ts.netsys.com > >______________________________________________________________________________ > > SCO Security Advisory > >Subject: UnixWare 7.1.1 Open UNIX 8.0.0 UnixWare 7.1.3 : Lax permissions on /dev/X >Advisory number: CSSA-2003-SCO.4 >Issue date: 2003 March 04 >Cross reference: >______________________________________________________________________________ > > >1. Problem Description > > The /dev/X directory is world readable and writable, and > the files in it are also world readable and writable. > Denial-of-Service attacks are possible, as well as possible > data hijacking. The X server sets these permissions when > it starts up, so there is no workaround for this issue. > > >2. Vulnerable Supported Versions > > System Binaries > ---------------------------------------------------------------------- > UnixWare 7.1.1 Standard X Distribution > Open UNIX 8.0.0 Standard X Distribution > UnixWare 7.1.3 Standard X Distribution > >3. Solution > > The proper solution is to install the latest packages. > > >4. UnixWare 7.1.1 > > 4.1 Location of Fixed Binaries > > ftp://ftp.sco.com/pub/updates/UnixWare/CSSA-2003-SCO.4 > > > 4.2 Verification > > MD5 (basex.pkg.Z) = 510888d562f6c2249555fefdae94d49d > MD5 (xserver.pkg.Z) = 74797f12d6e3e80300980854050f62ef > > md5 is available for download from > ftp://ftp.sco.com/pub/security/tools > > > 4.3 Installing Fixed Binaries > > Upgrade the affected binaries with the following sequence: > > Download basex.pkg.Z to the /var/spool/pkg directory > > # uncompress /var/spool/pkg/basex.pkg.Z > # pkgadd -d /var/spool/pkg/basex.pkg > > # uncompress /var/spool/pkg/xserver.pkg.Z > # pkgadd -d /var/spool/pkg/xserver.pkg > > >5. Open UNIX 8.0.0 > > 5.1 Location of Fixed Binaries > > ftp://ftp.sco.com/pub/updates/UnixWare/CSSA-2003-SCO.4 > > > 5.2 Verification > > MD5 (basex.pkg.Z) = 510888d562f6c2249555fefdae94d49d > MD5 (xserver.pkg.Z) = 74797f12d6e3e80300980854050f62ef > > md5 is available for download from > ftp://ftp.sco.com/pub/security/tools > > > 5.3 Installing Fixed Binaries > > Upgrade the affected binaries with the following sequence: > > Download basex.pkg.Z to the /var/spool/pkg directory > > # uncompress /var/spool/pkg/basex.pkg.Z > # pkgadd -d /var/spool/pkg/basex.pkg > > # uncompress /var/spool/pkg/xserver.pkg.Z > # pkgadd -d /var/spool/pkg/xserver.pkg > > >6. UnixWare 7.1.3 > > 6.1 Location of Fixed Binaries > > ftp://ftp.sco.com/pub/updates/UnixWare/CSSA-2003-SCO.4 > > > 6.2 Verification > > MD5 (basex.pkg.Z) = 510888d562f6c2249555fefdae94d49d > MD5 (xserver.pkg.Z) = 74797f12d6e3e80300980854050f62ef > > md5 is available for download from > ftp://ftp.sco.com/pub/security/tools > > > 6.3 Installing Fixed Binaries > > Upgrade the affected binaries with the following sequence: > > Download basex.pkg.Z to the /var/spool/pkg directory > > # uncompress /var/spool/pkg/basex.pkg.Z > # pkgadd -d /var/spool/pkg/basex.pkg > > # uncompress /var/spool/pkg/xserver.pkg.Z > # pkgadd -d /var/spool/pkg/xserver.pkg > > >7. References > > Specific references for this advisory: > > none > > SCO security resources: > > http://www.sco.com/support/security/index.html > > This security fix closes SCO incidents sr874992, sr874607, > fz527440, erg712231. > > >8. Disclaimer > > SCO is not responsible for the misuse of any of the information > we provide on this website and/or through our security > advisories. Our advisories are a service to our customers > intended to promote secure installation and use of SCO > products. > >______________________________________________________________________________ > >
Powered by blists - more mailing lists