[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

UNIRAS Brief - 144/04 - Two SCO Security Advisories



 
-----BEGIN PGP SIGNED MESSAGE-----

- ----------------------------------------------------------------------------------
   UNIRAS (UK Govt CERT) Briefing Notice - 144/04 dated 30.03.04  Time: 10:30  
  UNIRAS is part of NISCC (National Infrastructure Security Co-ordination Centre)
- ---------------------------------------------------------------------------------- 
  UNIRAS material is also available from its website at www.uniras.gov.uk and
         Information about NISCC is available from www.niscc.gov.uk
- ----------------------------------------------------------------------------------

Title
=====

Two SCO Security Advisories:

1. mc Updated packages resolve local buffer overflow vulnerability

2. OpenLinux: mutt remote buffer overflow


Detail
====== 

1. Stack-based buffer overflow in vfs_s_resolve_symlink of vfs/direntry.c for
Midnight Commander (mc) 4.6.0 and earlier, and possibly later versions,
allows remote attackers to execute arbitrary code during symlink conversion.
	 

2. Buffer overflow in the index menu code for Mutt 1.4.1 and earlier allows remote
attackers to cause a denial of service and possibly execute arbitrary code via 
certain mail messages. 
	



1.
______________________________________________________________________________

			SCO Security Advisory

Subject:		OpenLinux: mc Updated packages resolve local buffer overflow vulnerability
Advisory number: 	CSSA-2004-014.0
Issue date: 		2004 March 25
Cross reference:	sr889551 fz528937 erg712553 CAN-2003-1023
______________________________________________________________________________


1. Problem Description

	Stack-based buffer overflow in vfs_s_resolve_symlink of
	vfs/direntry.c for Midnight Commander (mc) 4.6.0 and earlier,
	and possibly later versions, allows remote attackers to
	execute arbitrary code during symlink conversion. 

	The Common Vulnerabilities and Exposures project (cve.mitre.org) 
	has assigned the name CAN-2003-1023 to this issue.


2. Vulnerable Supported Versions

	System				Package
	----------------------------------------------------------------------
	OpenLinux 3.1.1 Server		prior to mc-4.5.51-6.i386.rpm
					prior to mc-doc-4.5.51-6.i386.rpm

	OpenLinux 3.1.1 Workstation	prior to mc-4.5.51-6.i386.rpm
					prior to mc-doc-4.5.51-6.i386.rpm


3. Solution

	The proper solution is to install the latest packages. 

	Unix users with Linux Kernel Personality can use the Caldera System
	Updater, called cupdate (or kcupdate under the KDE environment),
	to update these packages rather than downloading and installing
	them by hand.


4. OpenLinux 3.1.1 Server

	4.1 Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2004-014.0/RPMS

	4.2 Packages

	683f2374c3602c3d4680d033da405a91	mc-4.5.51-6.i386.rpm
	1d1737ac2576c2571cfc6132d31ca89a	mc-doc-4.5.51-6.i386.rpm

	4.3 Installation

	rpm -Fvh mc-4.5.51-6.i386.rpm
	rpm -Fvh mc-doc-4.5.51-6.i386.rpm

	4.4 Source Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2004-014.0/SRPMS

	4.5 Source Packages

	728be58503d28303c1446b1954d85340	mc-4.5.51-6.src.rpm


5. OpenLinux 3.1.1 Workstation

	5.1 Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2004-014.0/RPMS

	5.2 Packages

	936ff3ee57f8bee7ccb96581ccdeca63	mc-4.5.51-6.i386.rpm
	126a8cc66def304a321bc4dad071bc4a	mc-doc-4.5.51-6.i386.rpm

	5.3 Installation

	rpm -Fvh mc-4.5.51-6.i386.rpm
	rpm -Fvh mc-doc-4.5.51-6.i386.rpm

	5.4 Source Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2004-014.0/SRPMS

	5.5 Source Packages

	98f3e31a702d2e890f9781753429d2dc	mc-4.5.51-6.src.rpm


6. References

	Specific references for this advisory:
		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-1023

	SCO security resources:
		http://www.sco.com/support/security/index.html

	This security fix closes SCO incidents sr889551 fz528937
	erg712553.


7. Disclaimer

	SCO is not responsible for the misuse of any of the information
	we provide on this website and/or through our security
	advisories. Our advisories are a service to our customers intended
	to promote secure installation and use of SCO products.


8. Acknowledgements

	SCO would like to thank Ilya Teterin






2.


______________________________________________________________________________

			SCO Security Advisory

Subject:		OpenLinux: mutt remote buffer overflow
Advisory number: 	CSSA-2004-013.0
Issue date: 		2004 March 25
Cross reference:	sr889558 fz528947 erg712561 CAN-2004-0078
______________________________________________________________________________


1. Problem Description

	Buffer overflow in the index menu code for Mutt 1.4.1 and
	earlier allows remote attackers to cause a denial of service and
	possibly execute arbitrary code via certain mail messages. 

	The Common Vulnerabilities and Exposures project (cve.mitre.org)
	has assigned the name CAN-2004-0078 to this issue.


2. Vulnerable Supported Versions

	System				Package
	----------------------------------------------------------------------
	OpenLinux 3.1.1 Server		prior to mutt-1.2.5-13.i386.rpm
	OpenLinux 3.1.1 Workstation	prior to mutt-1.2.5-13.i386.rpm


3. Solution

	The proper solution is to install the latest packages. Unix
	users with Linux Kernel Personality can use the Caldera System
	Updater, called cupdate (or kcupdate under the KDE environment),
	to update these packages rather than downloading and installing
	them by hand.


4. OpenLinux 3.1.1 Server

	4.1 Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2004-013.0/RPMS

	4.2 Packages

	0841eab516ca4fe0c95ccfcec317c2ad	mutt-1.2.5-13.i386.rpm

	4.3 Installation

	rpm -Fvh mutt-1.2.5-13.i386.rpm

	4.4 Source Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2004-013.0/SRPMS

	4.5 Source Packages

	08ff88553dc3366e1e0a32f077bbd785	mutt-1.2.5-13.src.rpm


5. OpenLinux 3.1.1 Workstation

	5.1 Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2004-013.0/RPMS

	5.2 Packages

	82ed6b14289ad7217dc30af238127854	mutt-1.2.5-13.i386.rpm

	5.3 Installation

	rpm -Fvh mutt-1.2.5-13.i386.rpm

	5.4 Source Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2004-013.0/SRPMS

	5.5 Source Packages

	823f373aeb88f47575edf9a11bd8beba	mutt-1.2.5-13.src.rpm


6. References

	Specific references for this advisory:
		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0078
		http://marc.theaimsgroup.com/?l=bugtraq&m=107651677817933&w=2

	SCO security resources:
		http://www.thescogroup.com/support/security/index.html

	This security fix closes SCO incidents sr889558 fz528947
	erg712561.


7. Disclaimer

	SCO is not responsible for the misuse of any of the information
	we provide on this website and/or through our security
	advisories. Our advisories are a service to our customers intended
	to promote secure installation and use of SCO products.


8. Acknowledgements

	The problem in the stable mutt code base was originally reported 
	to Red Hat by Niels Heinen.

______________________________________________________________________________





For additional information or assistance, please contact the HELP Desk by 
telephone or Not Protectively Marked information may be sent via 
EMail to: uniras@xxxxxxxxxxxx

Office Hours:
Mon - Fri: 08:30 - 17:00 Hrs
Tel: +44 (0) 20 7821 1330 Ext 4511
Fax: +44 (0) 20 7821 1686

Outside of Office Hours:
On Call Duty Officer:
Tel: +44 (0) 20 7821 1330 and follow the prompts

- ----------------------------------------------------------------------------------
UNIRAS wishes to acknowledge the contributions of SCO for the information 
contained in this Briefing. 
- ----------------------------------------------------------------------------------
This Briefing contains the information released by the original author. Some 
of the information may have changed since it was released. If the vulnerability 
affects you, it may be prudent to retrieve the advisory from the canonical site 
to ensure that you receive the most current information concerning that problem.

Reference to any specific commercial product, process, or service by trade 
name, trademark manufacturer, or otherwise, does not constitute or imply 
its endorsement, recommendation, or favouring by UNIRAS or NISCC.  The views 
and opinions of authors expressed within this notice shall not be used for 
advertising or product endorsement purposes.

Neither UNIRAS or NISCC shall also accept responsibility for any errors 
or omissions contained within this briefing notice. In particular, they shall 
not be liable for any loss or damage whatsoever, arising from or in connection 
with the usage of information contained within this notice.

UNIRAS is a member of the Forum of Incident Response and Security Teams (FIRST) 
and has contacts with other international Incident Response Teams (IRTs) in 
order to foster cooperation and coordination in incident prevention, to prompt 
rapid reaction to incidents, and to promote information sharing amongst its 
members and the community at large. 
- ----------------------------------------------------------------------------------
<End of UNIRAS Briefing>

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0

iQCVAwUBQGk+dopao72zK539AQFI7QQAiTVzGz1jL32QGX6+RWZrDZWCWIVr3au7
igSkeD52OywraDLMWuaE8MEG8jrQl5Kiw/t6DfHUqoycAZ2bcnz4dnntCnDgNOaF
BOKwru6hiyZnpupH1cxfXPmOpoC3dG8NA8wl6KCv4RkDyHbwhJkj1eNKtTu3ThmI
FL3WbZ2sn9E=
=TncL
-----END PGP SIGNATURE-----