|
To: bugtraq@securityfocus.com announce@lists.caldera.com full-disclosure@lists.netsys.com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ______________________________________________________________________________ SCO Security Advisory Subject: OpenServer 5.0.7 OpenServer 5.0.6 OpenServer 5.0.5 : wu-ftpd fb_realpath() off-by-one bug Advisory number: CSSA-2003-SCO.20 Issue date: 2003 September 18 Cross reference: sr882339 fz528115 erg712363 ______________________________________________________________________________ 1. Problem Description Wu-ftpd FTP server contains remotely exploitable off-by-one bug. A local or remote attacker could exploit this vulnerability to gain root privileges on a vulnerable system. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0466 to this issue. 2. Vulnerable Supported Versions System Binaries ---------------------------------------------------------------------- OpenServer 5.0.5 - 5.0.7 /etc/ftpd 3. Solution The proper solution is to install the latest packages. 4. OpenServer 5.0.7 4.1 Install Maintenance pack 1. 4.2 Location of Maintenance pack 1. ftp://ftp.sco.com/pub/openserver5/osr507mp/ 4.3 Installing Maintenance pack 1. Upgrade the affected binaries with the following sequence: 1) Download the VOL* files to the /tmp directory 2) Run the custom command, specify an install from media images, and specify the /tmp directory as the location of the images. 5. OpenServer 5.0.6 - 5.0.5 5.1 First, install: OSS646B - Execution Environment Supplement 5.2 Location of Fixed Binaries ftp://ftp.sco.com/pub/updates/OpenServer/CSSA-2003-SCO.20 5.3 Verification MD5 (VOL.000.000) = 7cde8ff3cf05658b054dae20f6620bcb md5 is available for download from ftp://ftp.sco.com/pub/security/tools 5.4 Installing Fixed Binaries Upgrade the affected binaries with the following sequence: 1) Download the VOL* files to the /tmp directory 2) Run the custom command, specify an install from media images, and specify the /tmp directory as the location of the images. 6. References Specific references for this advisory: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0466 http://isec.pl/vulnerabilities/isec-0011-wu-ftpd.txt http://www.ciac.org/ciac/bulletins/n-132.shtml SCO security resources: http://www.sco.com/support/security/index.html This security fix closes SCO incidents sr882339 fz528115 erg712363. 8. Disclaimer SCO is not responsible for the misuse of any of the information we provide on this website and/or through our security advisories. Our advisories are a service to our customers intended to promote secure installation and use of SCO products. 9. Acknowledgments SCO would like to thank Wojciech Purczynski and Janusz Niewiadomski for the advisory. ______________________________________________________________________________ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2-rc1-SuSE (GNU/Linux) iD8DBQE/bzTsaqoBO7ipriERAidHAJ4wpBW9J3GCPEwn6Mak9t5+XAZAwgCghQSs q7S5CxTJrBp2c0KqG+NM+Zw= =4pz6 -----END PGP SIGNATURE-----