TUCoPS :: SCO :: bt1231.txt

UnixWare 7.1.3 Open UNIX 8.0.0 UnixWare 7.1.1 : OpenSSH: multiple buffer handling problems



To: announce@lists.sco.com bugtraq@securityfocus.com full-disclosure@lists.netsy
s.com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


______________________________________________________________________________

			SCO Security Advisory

Subject:		UnixWare 7.1.3 Open UNIX 8.0.0 UnixWare 7.1.1 : OpenSSH: multiple buffer handling problems
Advisory number: 	CSSA-2003-SCO.22
Issue date: 		2003 September 26
Cross reference:	sr883609 fz528218 erg712412 CERT VU#333628 VU#602204 CAN-2003-0693 CAN-2003-0695 CAN-2003-0682 CAN-2003-0786
______________________________________________________________________________


1. Problem Description

	Several buffer management errors and memory bugs are
	corrected by this patch. 

	The Common Vulnerabilities and Exposures project 
	(cve.mitre.org) has assigned the following names to 
	these issues. CAN-2003-0693, CAN-2003-0695, CAN-2003-0682, 
	CAN-2003-0786. 

	The CERT Coordination Center has assigned the following names 
	VU#333628, and VU#602204.  

	CERT VU#333628 / CAN-2003-0693: A "buffer management error"
	in buffer_append_space of buffer.c for OpenSSH before 3.7
	may allow remote attackers to execute arbitrary code by
	causing an incorrect amount of memory to be freed and
	corrupting the heap, a different vulnerability than
	CAN-2003-0695.

	CAN-2003-0695: Multiple "buffer management errors" in 
	OpenSSH before 3.7.1 may allow attackers to cause a 
	denial of service or execute arbitrary code using
	(1) buffer_init in buffer.c, (2) buffer_free in buffer.c,
	or (3) a separate function in channels.c, a different
	vulnerability than CAN-2003-0693. 

	CAN-2003-0682: "Memory bugs" in OpenSSH 3.7.1 and earlier, 
	with unknown impact, a different set of vulnerabilities than 
	CAN-2003-0693 and CAN-2003-0695. 

	CERT VU#602204 / CAN-2003-0786: Portable OpenSSH versions 
	3.7p1 and 3.7.1p1 contain multiple vulnerabilities in the 
	new PAM code. At least one of these bugs is remotely 
	exploitable (under a non-standard configuration, with privsep 
	disabled). UnixWare is not configured to use PAM, so is not vulnerable. 

	Software Notes and Recommendations
	---------------------------------- 
	erg712430 should only be installed on: UnixWare 7.1.1 or 7.1.2 
	or 8.0.0 or 7.1.3 

	If your system is running any libraries or commands that
	are contained in this SLS, then these programs will continue
	to run with the old versions of these libraries or commands
	until the the system is rebooted. 

	Note that when all necessary patches have been installed, it is good 
	practice to reboot the system at the earliest opportunity. This
	will ensure that no programs continue to run with the old
	libraries or commands.


2. Vulnerable Supported Versions

	System				Binaries
	----------------------------------------------------------------------
	UnixWare 7.1.3  
	Open UNIX 8.0.0 
	UnixWare 7.1.1 	
					/usr/bin/scp 
					/usr/bin/sftp 
					/usr/bin/ssh
					/usr/bin/ssh-add 
					/usr/bin/ssh-agent 
					/usr/bin/ssh-keygen
					/usr/bin/ssh-keyscan 
					/usr/sbin/sftp-server 
					/usr/sbin/ssh-keysign
					/usr/sbin/sshd 

3. Solution

	The proper solution is to install the latest packages.


4. UnixWare 7.1.3 / Open UNIX 8.0.0 / UnixWare 7.1.1

	4.1 Location of Fixed Binaries

	ftp://ftp.sco.com/pub/updates/UnixWare/CSSA-2003-SCO.22


	4.2 Verification

	MD5 (erg712430.Z) = 6102d1aa40261479ee31c35561db8514

	md5 is available for download from
		ftp://ftp.sco.com/pub/security/tools


	4.3 Installing Fixed Binaries

	Upgrade the affected binaries with the following sequence:

		1. Download the erg712430.Z file to the /tmp directory on your machine.

		2. As root, uncompress the file and add the package to your system 
		using these commands:

	        $ su
	        Password: <type your root password>
	        # uncompress /tmp/erg712430.Z
	        # pkgadd -d /tmp/erg712430
	        # rm /tmp/erg712430

7. References

	Specific references for this advisory:
		http://www.openssh.com/txt/buffer.adv 
		http://www.mindrot.org/pipermail/openssh-unix-announce/2003-September/000063.html 
		http://www.freebsd.org/cgi/cvsweb.cgi/~checkout~/ports/security/openssh/files/patch-buffer.c 
		http://marc.theaimsgroup.com/?l=openbsd-misc&m=106371592604940 
		http://marc.theaimsgroup.com/?l=openbsd-security-announce&m=106375582924840

	SCO security resources:
		http://www.sco.com/support/security/index.html

	This security fix closes SCO incidents sr883609 fz528218
	erg712412.


8. Disclaimer

	SCO is not responsible for the misuse of any of the information
	we provide on this website and/or through our security
	advisories. Our advisories are a service to our customers
	intended to promote secure installation and use of SCO
	products.

______________________________________________________________________________


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (SCO_SV)
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAj90vQcACgkQaqoBO7ipriFnXwCfebMrsi8g8ylrY3OXlH6AV4MQ
AdwAn03qbJTBKg72XtP4vRK2kq/2GoBs
=M3an
-----END PGP SIGNATURE-----

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH