[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Caldera] Zwei Schwachstellen in wget - CSSA-2003-003.0
-----BEGIN PGP SIGNED MESSAGE-----
Liebe Kolleginnen und Kollegen,
soeben erreichte uns nachfolgende Warnung von Caldera International
Inc. ueber Sicherheitsprobleme in "wget". Wir geben diese
Informationen unveraendert an Sie weiter.
Wir gaben bereits Advisories zu beiden Schwachstellen weiter. Zur
Erinnerung:
In der Funktion url_filename besteht die Moeglichkeit eines Buffer
Overflows, der zum Absturz von wget fuehren kann, wenn sehr lange URLs
angegeben werden.
Weiterhin beruecksichtigt das Programm wget fehlerhafterweise relative
Pfadangaben bei Programmnamen, die vom FTP Server heruntergeladen
werden. Ein Angreifer kann diese Schwachstelle durch einen
entsprechend konstruierten FTP Server ausnutzen, um beliebige Dateien
mit den Rechten des wget Benutzers anzulegen oder zu ueberschreiben.
Betroffen ist wget vor der Version for 1.7.1-3 in den Distributionen
OpenLinux 3.1 und 3.1.1 (Server und Workstation). Der Hersteller
stellt Patches zur Behebung der Sicherheitsluecken zur Verfuegung,
deren genaue Adressen dem angehaengten Advisory entnommen werden
koennen.
(c) der deutschen Zusammenfassung bei DFN-CERT GmbH; die Verbreitung,
auch auszugsweise, ist nur unter Hinweis auf den Urheber, DFN-CERT
GmbH, und nur zu nicht kommerziellen Zwecken gestattet.
Mit freundlichen Gruessen,
Andreas Bunten, DFN-CERT
- --
Andreas Bunten | mailto:bunten@xxxxxxxxxxx
DFN-CERT GmbH | http://www.cert.dfn.de/team/bunten/
Oberstrasse 14b | Phone: +49(40)808077-555
D-20144 Hamburg | FAX: +49(40)808077-556
Germany | PGP-Key: finger bunten@xxxxxxxxxxxxxxx
PGP-Key fingerprint = 25 E9 A6 DD 15 6C 09 70 9D 05 10 2B C7 AB C2 31
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
SCO Security Advisory
Subject: Linux: wget directory traversal and buffer overrun vulnerabilities
Advisory number: CSSA-2003-003.0
Issue date: 2003 January 16
Cross reference:
______________________________________________________________________________
1. Problem Description
Stefano Zacchiroli found a buffer overrun in the url_filename
function, which would make wget segfault on very long urls.
Steven M. Christey discovered that wget did not verify the FTP
server response to a NLST command: it must not contain any
directory information, since that can be used to make a FTP
client overwrite arbitrary files.
2. Vulnerable Supported Versions
System Package
----------------------------------------------------------------------
OpenLinux 3.1.1 Server prior to wget-1.7.1-3.i386.rpm
OpenLinux 3.1.1 Workstation prior to wget-1.7.1-3.i386.rpm
OpenLinux 3.1 Server prior to wget-1.7.1-3.i386.rpm
OpenLinux 3.1 Workstation prior to wget-1.7.1-3.i386.rpm
3. Solution
The proper solution is to install the latest packages. Many
customers find it easier to use the Caldera System Updater, called
cupdate (or kcupdate under the KDE environment), to update these
packages rather than downloading and installing them by hand.
4. OpenLinux 3.1.1 Server
4.1 Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-003.0/RPMS
4.2 Packages
0adc5e5568cc589b9ab90ebb0e181e65 wget-1.7.1-3.i386.rpm
4.3 Installation
rpm -Fvh wget-1.7.1-3.i386.rpm
4.4 Source Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-003.0/SRPMS
4.5 Source Packages
b443ec3aa56abaa8236a88bffebba036 wget-1.7.1-3.src.rpm
5. OpenLinux 3.1.1 Workstation
5.1 Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2003-003.0/RPMS
5.2 Packages
d5ef7e346ec79bead0cba20189904a11 wget-1.7.1-3.i386.rpm
5.3 Installation
rpm -Fvh wget-1.7.1-3.i386.rpm
5.4 Source Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2003-003.0/SRPMS
5.5 Source Packages
02c04170cbdef2de1b1f2c1a478681f7 wget-1.7.1-3.src.rpm
6. OpenLinux 3.1 Server
6.1 Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2003-003.0/RPMS
6.2 Packages
7c2901898d0cc4d0bbb6132d82fefd0e wget-1.7.1-3.i386.rpm
6.3 Installation
rpm -Fvh wget-1.7.1-3.i386.rpm
6.4 Source Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2003-003.0/SRPMS
6.5 Source Packages
b19f59dedcd9b2382a41c8af3cf056d0 wget-1.7.1-3.src.rpm
7. OpenLinux 3.1 Workstation
7.1 Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2003-003.0/RPMS
7.2 Packages
fbba3488352d9617a0b3b6507633c312 wget-1.7.1-3.i386.rpm
7.3 Installation
rpm -Fvh wget-1.7.1-3.i386.rpm
7.4 Source Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2003-003.0/SRPMS
7.5 Source Packages
7a30085d938ad07bde1f67267910a71d wget-1.7.1-3.src.rpm
8. References
Specific references for this advisory:
http://marc.theaimsgroup.com/?l=bugtraq&m=103962838628940&w=2
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1344
http://www.kb.cert.org/vuls/id/210148
SCO security resources:
http://www.sco.com/support/security/index.html
This security fix closes SCO incidents sr872622, fz526854,
erg712181.
9. Disclaimer
SCO is not responsible for the misuse of any of the information
we provide on this website and/or through our security
advisories. Our advisories are a service to our customers intended
to promote secure installation and use of SCO products.
10. Acknowledgements
Stefano Zacchiroli and Steve Christey (coley@xxxxxxxxx)
discovered and researched these vulnerabilities.
______________________________________________________________________________
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iEYEARECAAYFAj4nH3wACgkQbluZssSXDTGz1QCgihb6uP8arcpXuenOHJBMI12W
2jsAoPq63b8CoyYQ4cNgBPwL1Rv2zARx
=TlL+
- -----END PGP SIGNATURE-----
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (SunOS)
iQEVAwUBPivNjSgU04YpslABAQGZXQf/WcXd50ur8VjKMt/oacwafuRWVK2NYZcj
UruoUfjiy7nAr6mtqIYXRPgEvf5zdfw5iz6cJoftyup3tj5wqCrovNHWeA4t/oZ4
3cxpIdSeYXUbLAj2kFYa0xyw/Dfijx8zlNrP/t+sh56bhcycfsV0RFxI9PZ2TsZ3
J7sYx8+7vtb0F7d5g9Goa/3DGlc9gVIhcv1ZF9iyVo5BKgttRMhvYlawZLudGbPc
xp9PK+E96quhjsLLZL6C97ibLfLX4mx5xmhXw/++IDIn/cBVVY4DkJ8e1WuTnOzP
17M9Js6Ll16/Lrnir744TxUEgOI/rOCQk9Ofb/D57y4nt0Tlph90qg==
=5e7M
-----END PGP SIGNATURE-----