TUCoPS :: SCO :: deliver.htm

SCO OpenServer 5.0.6 MMDF buffer overflow

    deliver (MMDF)


    SCO OpenServer 5.0.6 upgrade from 5.0.x and 5.0.6 fresh install.


    Following  is  based  on  a  Strategic Reconnisiance Team Security
    Advisory  (SRT2001-03).   SCO   OpenServer  5.0.6  ships  with   a
    previously  known  buggy  MMDF  package.   SCO  Security  Bulletin
    2000.06  states  "Recently  Network  Associates,  Inc.  issued   a
    SECURITY ADVISORY against all versions  of MMDF prior to the  beta
    release  2.44a-B4"  however  SCO  still  released OpenServer 5.0.6
    with version  2.43.3b of  MMDF.   deliver has  poor processing  of
    command   line   arguments   resulting   in   a   buffer  overflow
    /opt/K/SCO/MMDF/2.43.3b/usr/mmdf/bin/deliver  will  core  dump  if
    fed more than 4085 chars.

        /opt/K/SCO/MMDF/2.43.3b/usr/mmdf/bin/deliver `perl -e 'print "A" x 5000'`
	    Memory fault - core dumped

    This problem makes  it possible to  overwrite memory space  of the
    running process, and potentially  execute code with the  inherited
    privileges of root.

    Credit goes to Kevin Finisterre.


    chmod    -s    /opt/K/SCO/MMDF/2.43.3b/usr/mmdf/bin/deliver     as
    workaround.  Vendor  was notified on  03/22/01.  Vendor  lab tests
    confirmed the issue.  Patch status is unknown.

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH