TUCoPS :: SCO :: bt1231.txt

UnixWare 7.1.3 Open UNIX 8.0.0 UnixWare 7.1.1 : OpenSSH: multiple buffer handling problems

To: announce@lists.sco.com bugtraq@securityfocus.com full-disclosure@lists.netsy

Hash: SHA1


			SCO Security Advisory

Subject:		UnixWare 7.1.3 Open UNIX 8.0.0 UnixWare 7.1.1 : OpenSSH: multiple buffer handling problems
Advisory number: 	CSSA-2003-SCO.22
Issue date: 		2003 September 26
Cross reference:	sr883609 fz528218 erg712412 CERT VU#333628 VU#602204 CAN-2003-0693 CAN-2003-0695 CAN-2003-0682 CAN-2003-0786

1. Problem Description

	Several buffer management errors and memory bugs are
	corrected by this patch. 

	The Common Vulnerabilities and Exposures project 
	(cve.mitre.org) has assigned the following names to 
	these issues. CAN-2003-0693, CAN-2003-0695, CAN-2003-0682, 

	The CERT Coordination Center has assigned the following names 
	VU#333628, and VU#602204.  

	CERT VU#333628 / CAN-2003-0693: A "buffer management error"
	in buffer_append_space of buffer.c for OpenSSH before 3.7
	may allow remote attackers to execute arbitrary code by
	causing an incorrect amount of memory to be freed and
	corrupting the heap, a different vulnerability than

	CAN-2003-0695: Multiple "buffer management errors" in 
	OpenSSH before 3.7.1 may allow attackers to cause a 
	denial of service or execute arbitrary code using
	(1) buffer_init in buffer.c, (2) buffer_free in buffer.c,
	or (3) a separate function in channels.c, a different
	vulnerability than CAN-2003-0693. 

	CAN-2003-0682: "Memory bugs" in OpenSSH 3.7.1 and earlier, 
	with unknown impact, a different set of vulnerabilities than 
	CAN-2003-0693 and CAN-2003-0695. 

	CERT VU#602204 / CAN-2003-0786: Portable OpenSSH versions 
	3.7p1 and 3.7.1p1 contain multiple vulnerabilities in the 
	new PAM code. At least one of these bugs is remotely 
	exploitable (under a non-standard configuration, with privsep 
	disabled). UnixWare is not configured to use PAM, so is not vulnerable. 

	Software Notes and Recommendations
	erg712430 should only be installed on: UnixWare 7.1.1 or 7.1.2 
	or 8.0.0 or 7.1.3 

	If your system is running any libraries or commands that
	are contained in this SLS, then these programs will continue
	to run with the old versions of these libraries or commands
	until the the system is rebooted. 

	Note that when all necessary patches have been installed, it is good 
	practice to reboot the system at the earliest opportunity. This
	will ensure that no programs continue to run with the old
	libraries or commands.

2. Vulnerable Supported Versions

	System				Binaries
	UnixWare 7.1.3  
	Open UNIX 8.0.0 
	UnixWare 7.1.1 	

3. Solution

	The proper solution is to install the latest packages.

4. UnixWare 7.1.3 / Open UNIX 8.0.0 / UnixWare 7.1.1

	4.1 Location of Fixed Binaries


	4.2 Verification

	MD5 (erg712430.Z) = 6102d1aa40261479ee31c35561db8514

	md5 is available for download from

	4.3 Installing Fixed Binaries

	Upgrade the affected binaries with the following sequence:

		1. Download the erg712430.Z file to the /tmp directory on your machine.

		2. As root, uncompress the file and add the package to your system 
		using these commands:

	        $ su
	        Password: <type your root password>
	        # uncompress /tmp/erg712430.Z
	        # pkgadd -d /tmp/erg712430
	        # rm /tmp/erg712430

7. References

	Specific references for this advisory:

	SCO security resources:

	This security fix closes SCO incidents sr883609 fz528218

8. Disclaimer

	SCO is not responsible for the misuse of any of the information
	we provide on this website and/or through our security
	advisories. Our advisories are a service to our customers
	intended to promote secure installation and use of SCO


Version: GnuPG v1.0.6 (SCO_SV)
Comment: For info see http://www.gnupg.org


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH