[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20031107105212.A19746@caldera.com>
From: security at sco.com (security@....com)
Subject: OpenServer 5.0.7 : OpenSSH: multiple buffer handling problems
To: announce@...ts.caldera.com bugtraq@...urityfocus.com full-disclosure@...ts.netsys.com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
SCO Security Advisory
Subject: OpenServer 5.0.7 : OpenSSH: multiple buffer handling problems
Advisory number: CSSA-2003-SCO.24.1
Issue date: 2003 November 04
Cross reference: sr884749 fz528324 erg712436 CERT VU#33362 CERT VU#602204 CAN-2003-0693 CAN-2003-0786 CAN-2003-0695 CAN-2003-0682
______________________________________________________________________________
1. Problem Description
Version CSSA-2003-SCO.24.0 had a bug which caused it to
work only for a root login.
Several buffer management errors and memory bugs are
corrected by this patch.
The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the following
names to these issues. CAN-2003-0693, CAN-2003-0695,
CAN-2003-0682, CAN-2003-0786.
The CERT Coordination Center has assigned the following
names VU#333628, and VU#602204.
CERT VU#333628 / CAN-2003-0693: A "buffer management error"
in buffer_append_space of buffer.c for OpenSSH before 3.7
may allow remote attackers to execute arbitrary code by
causing an incorrect amount of memory to be freed and
corrupting the heap, a different vulnerability than
CAN-2003-0695
CAN-2003-0695: Multiple "buffer management errors" in
OpenSSH before 3.7.1 may allow attackers to cause a denial
of service or execute arbitrary code using (1) buffer_init
in buffer.c, (2) buffer_free in buffer.c, or (3) a separate
function in channels.c, a different vulnerability than
CAN-2003-0693.
CAN-2003-0682: "Memory bugs" in OpenSSH 3.7.1 and earlier,
with unknown impact, a different set of vulnerabilities
than CAN-2003-0693 and CAN-2003-0695.
CERT VU#602204 / CAN-2003-0786: Portable OpenSSH versions
3.7p1 and 3.7.1p1 contain multiple vulnerabilities in the
new PAM code. At least one of these bugs is remotely
exploitable (under a non-standard configuration, with
privsep disabled). OpenServer is not configured to use PAM,
so is not vulnerable.
2. Vulnerable Supported Versions
System Binaries
----------------------------------------------------------------------
OpenServer 5.0.7 OpenSSH Distribution
3. Solution
The proper solution is to install the latest packages.
4. OpenServer 5.0.7
4.1 Install Maintanance Pack 1
4.2 Install gwxlibs-1.3.2Ag
ftp://ftp.sco.com/pub/updates/OpenServer/CSSA-2003-SCO.29/CSSA-2003-SCO.29.txt
4.3 Location of Fixed Binaries
ftp://ftp.sco.com/pub/updates/OpenServer/CSSA-2003-SCO.24
4.4 Verification
MD5 (VOL.000.000) = c7b0c3fe58180819e0427d797594ede1
MD5 (VOL.000.001) = 301a17b2d2226c6dfe9e0606e1fa6e5b
MD5 (VOL.000.002) = 92bfaf84635b44b8df9702ef58843d34
MD5 (VOL.000.003) = c3bec5a2af450787a26877079208b3eb
md5 is available for download from
ftp://ftp.sco.com/pub/security/tools
4.3 Installing Fixed Binaries
Upgrade the affected binaries with the following sequence:
1) Download the VOL* files to the /tmp directory
2) Run the custom command, specify an install from media
images, and specify the /tmp directory as the location of
the images.
5. References
Specific references for this advisory:
http://www.openssh.com/txt/buffer.adv
http://www.mindrot.org/pipermail/openssh-unix-announce/2003-September/000063.html
http://www.freebsd.org/cgi/cvsweb.cgi/~checkout~/ports/security/openssh/files/patch-buffer.c
http://marc.theaimsgroup.com/?l=openbsd-misc&m=106371592604940
http://marc.theaimsgroup.com/?l=openbsd-security-announce&m=106375582924840
SCO security resources:
http://www.sco.com/support/security/index.html
This security fix closes SCO incidents sr884749 fz528324
erg712436.
6. Disclaimer
SCO is not responsible for the misuse of any of the information
we provide on this website and/or through our security
advisories. Our advisories are a service to our customers
intended to promote secure installation and use of SCO
products.
______________________________________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (SCO/UNIX_SVR5)
iD8DBQE/q+NwaqoBO7ipriERAk2XAKCmoz0q1EvP06FqcbVQ73VtxJDSGgCfe4lq
//NxfitXUxxKY8fIhhcP1kM=
=E3rh
-----END PGP SIGNATURE-----
Powered by blists - more mailing lists