TUCoPS :: SCO :: bt1309.txt

OpenServer 5.0.5 : Insecure creation of files in /tmp 



To: announce@lists.caldera.com bugtraq@securityfocus.com full-disclosure@lists.n
etsys.com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


______________________________________________________________________________

			SCO Security Advisory

Subject:		OpenServer 5.0.5 : Insecure creation of files in /tmp
Advisory number: 	CSSA-2003-SCO.27
Issue date: 		2003 October 20
Cross reference:	sr865679 fz521201 erg712072 CAN-2003-0872
______________________________________________________________________________


1. Problem Description

	Several scripts use files /tmp in a insecure way. These
	filenames can be symlinked to by a malicious user, and cause
	various nefarious things to happen. 

	OpenServer 5.0.6 has previously fixed all these scripts,
	hence this issue does not affect OpenServer 5.0.6 or 5.0.7.	

	The Common Vulnerabilities and Exposures (CVE) project has assigned
        the name CAN-2003-0872 to this issue. This is a candidate for
        inclusion in the CVE list (http://cve.mitre.org), which standardizes
        names for security problems. Candidates may change significantly
        before they become official CVE entries.

2. Vulnerable Supported Versions

	System				Binaries
	----------------------------------------------------------------------
	OpenServer 5.0.5 		/etc/init.d/VDISK
					/etc/init.d/VDRESTORE
					/etc/tcp
					/usr/lib/mkdev/hostmib
					/etc/init.d/hostmib
					/etc/nfs
					/etc/nis
					/etc/rpcinit
					/usr/lib/cleantmp

3. Solution

	The proper solution is to install the latest packages.


4. OpenServer 5.0.5

	4.1 Location of Fixed Binaries

	ftp://ftp.sco.com/pub/updates/OpenServer/CSSA-2003-SCO.27


	4.2 Verification

	MD5 (VOL.000.000) = 24ea1000e89272a3d2f12d9fd05de83f

	md5 is available for download from
		ftp://ftp.sco.com/pub/security/tools


	4.3 Installing Fixed Binaries

	Upgrade the affected binaries with the following sequence:

	1) Download the VOL* files to the /tmp directory

	2) Run the custom command, specify an install from media
	images, and specify the /tmp directory as the location of
	the images.


5. References

	http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0872

	SCO security resources:
		http://www.sco.com/support/security/index.html

	This security fix closes SCO incidents sr865679 fz521201
	erg712072.


6. Disclaimer

	SCO is not responsible for the misuse of any of the information
	we provide on this website and/or through our security
	advisories. Our advisories are a service to our customers
	intended to promote secure installation and use of SCO
	products.

7. Acknowledgments

        These vulnerabilities were discovered by Tomasz Kusmierz.

______________________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (SCO/UNIX_SVR5)

iD8DBQE/lHnpaqoBO7ipriERAmjsAKCKdkBHb9SdVFuJILsGQR77ULb7cQCfR+Gm
I44TmGqRUrGA8q2pjJ/RVc0=
=S+GY
-----END PGP SIGNATURE-----

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH