TUCoPS :: SCO :: bt1656.txt

OpenServer 5.0.7 : OpenSSH: multiple buffer handling problems



To: announce@lists.caldera.com bugtraq@securityfocus.com full-disclosure@lists.netsys.com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


______________________________________________________________________________

			SCO Security Advisory

Subject:		OpenServer 5.0.7 : OpenSSH: multiple buffer handling problems
Advisory number: 	CSSA-2003-SCO.24.1
Issue date: 		2003 November 04
Cross reference: 	sr884749 fz528324 erg712436 CERT VU#33362 CERT VU#602204 CAN-2003-0693  CAN-2003-0786 CAN-2003-0695 CAN-2003-0682
______________________________________________________________________________


1. Problem Description

	 Version CSSA-2003-SCO.24.0 had a bug which caused it to 
	 work only for a root login.

	 Several buffer management errors and memory bugs are
	 corrected by this patch. 
	 
	 The Common Vulnerabilities and Exposures project 
	 (cve.mitre.org) has assigned the following
	 names to these issues. CAN-2003-0693, CAN-2003-0695,
	 CAN-2003-0682, CAN-2003-0786. 
	 
	 The CERT Coordination Center has assigned the following 
	 names VU#333628, and VU#602204.

	 CERT VU#333628 / CAN-2003-0693: A "buffer management error"
	 in buffer_append_space of buffer.c for OpenSSH before 3.7
	 may allow remote attackers to execute arbitrary code by
	 causing an incorrect amount of memory to be freed and
	 corrupting the heap, a different vulnerability than
	 CAN-2003-0695 
	 
	 CAN-2003-0695: Multiple "buffer management errors" in 
	 OpenSSH before 3.7.1 may allow attackers to cause a denial 
	 of service or execute arbitrary code using (1) buffer_init 
	 in buffer.c, (2) buffer_free in buffer.c, or (3) a separate 
	 function in channels.c, a different vulnerability than 
	 CAN-2003-0693. 
	 
	 CAN-2003-0682: "Memory bugs" in OpenSSH 3.7.1 and earlier, 
	 with unknown impact, a different set of vulnerabilities 
	 than CAN-2003-0693 and CAN-2003-0695. 
	 
	 CERT VU#602204 / CAN-2003-0786: Portable OpenSSH versions 
	 3.7p1 and 3.7.1p1 contain multiple vulnerabilities in the 
	 new PAM code. At least one of these bugs is remotely 
	 exploitable (under a non-standard configuration, with 
	 privsep disabled). OpenServer is not configured to use PAM, 
	 so is not vulnerable.


2. Vulnerable Supported Versions

	System				Binaries
	----------------------------------------------------------------------
	OpenServer 5.0.7 		OpenSSH Distribution


3. Solution

	The proper solution is to install the latest packages.


4. OpenServer 5.0.7

	4.1 Install Maintanance Pack 1

	4.2 Install gwxlibs-1.3.2Ag

	ftp://ftp.sco.com/pub/updates/OpenServer/CSSA-2003-SCO.29/CSSA-2003-SCO.29.txt

	4.3 Location of Fixed Binaries

	ftp://ftp.sco.com/pub/updates/OpenServer/CSSA-2003-SCO.24

	4.4 Verification

	MD5 (VOL.000.000) = c7b0c3fe58180819e0427d797594ede1
	MD5 (VOL.000.001) = 301a17b2d2226c6dfe9e0606e1fa6e5b
	MD5 (VOL.000.002) = 92bfaf84635b44b8df9702ef58843d34
	MD5 (VOL.000.003) = c3bec5a2af450787a26877079208b3eb

	md5 is available for download from
		ftp://ftp.sco.com/pub/security/tools


	4.3 Installing Fixed Binaries

	Upgrade the affected binaries with the following sequence:

	1) Download the VOL* files to the /tmp directory

	2) Run the custom command, specify an install from media
	images, and specify the /tmp directory as the location of
	the images.


5. References

	Specific references for this advisory:
		http://www.openssh.com/txt/buffer.adv 
		http://www.mindrot.org/pipermail/openssh-unix-announce/2003-September/000063.html 
		http://www.freebsd.org/cgi/cvsweb.cgi/~checkout~/ports/security/openssh/files/patch-buffer.c 
		http://marc.theaimsgroup.com/?l=openbsd-misc&m=106371592604940 
		http://marc.theaimsgroup.com/?l=openbsd-security-announce&m=106375582924840

	SCO security resources:
		http://www.sco.com/support/security/index.html

	This security fix closes SCO incidents sr884749 fz528324
	erg712436.


6. Disclaimer

	SCO is not responsible for the misuse of any of the information
	we provide on this website and/or through our security
	advisories. Our advisories are a service to our customers
	intended to promote secure installation and use of SCO
	products.

______________________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (SCO/UNIX_SVR5)

iD8DBQE/q+NwaqoBO7ipriERAk2XAKCmoz0q1EvP06FqcbVQ73VtxJDSGgCfe4lq
//NxfitXUxxKY8fIhhcP1kM=
=E3rh
-----END PGP SIGNATURE-----

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH