[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

UNIRAS Brief - 564/04 - Two SCO Security Advisories:



 
-----BEGIN PGP SIGNED MESSAGE-----

- ----------------------------------------------------------------------------------
   UNIRAS (UK Govt CERT) Briefing Notice - 564/04 dated 14.10.04  Time: 14:45  
  UNIRAS is part of NISCC (National Infrastructure Security Co-ordination Centre)
- ---------------------------------------------------------------------------------- 
  UNIRAS material is also available from its website at www.uniras.gov.uk and
         Information about NISCC is available from www.niscc.gov.uk
- ----------------------------------------------------------------------------------

Title
=====

Two SCO Security Advisories: 

1. UnixWare 7.1.4 : Multiple Vulnerabilities in libpng

2. UnixWare 7.1.3up UnixWare 7.1.4 : CUPS before 1.1.21 allows 
   remote attackers to cause a denial of service

Detail
====== 

1. Several vulnerabilities exist in the libpng library, the
most serious of which could allow a remote attacker to
execute arbitrary code on an affected system. 

2. The Internet Printing Protocol (IPP) implementation in 
CUPS before 1.1.21 allows remote attackers to cause a 
denial of service via a certain UDP packet to the IPP port.




1.



- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


______________________________________________________________________________

			SCO Security Advisory

Subject:		UnixWare 7.1.4 : Multiple Vulnerabilities in libpng
Advisory number: 	SCOSA-2004.16
Issue date: 		2004 October 07
Cross reference:	sr891394 fz530149 erg712684 CAN-2004-0597 CAN-2004-0598 CAN-2004-0599 
CAN-2004-0768 VU#388984 VU#236656 VU#160448 VU#477512 VU#817368 VU#286464 TA04-217A
______________________________________________________________________________


1. Problem Description

	Several vulnerabilities exist in the libpng library, the
	most serious of which could allow a remote attacker to
	execute arbitrary code on an affected system. 

	CERT Technical Cyber Security Alert TA04-217A 

	VU#388984 - libpng fails to properly check length of 
	            transparency chunk (tRNS) data.  The  
	            Common Vulnerabilities and Exposures project 
	            (cve.mitre.org) has assigned the following name 
	            CAN-2004-0597 to this issue.

	VU#236656 - libpng png_handle_iCCP() NULL pointer dereference 
	            The  Common Vulnerabilities and Exposures project 
	            (cve.mitre.org) has assigned the following name 
	            CAN-2004-0598 to this issue.

	VU#160448 - libpng integer overflow in image height processing 
	            The  Common Vulnerabilities and Exposures project 
	            (cve.mitre.org) has assigned the following name 
	            CAN-2004-0599 to this issue.

	VU#477512 - libpng png_handle_sPLT() integer overflow 
	            The  Common Vulnerabilities and Exposures project 
	            (cve.mitre.org) has assigned the following name 
	            CAN-2004-0599 to this issue.

	VU#817368 - libpng png_handle_sBIT() performs insufficient 
	            bounds checking.  The  Common Vulnerabilities 
	            and Exposures project (cve.mitre.org) has assigned 
	            the following name CAN-2004-0597 to this issue.

	VU#286464 - libpng contains integer overflows in progressive display
	            image reading.  The  Common Vulnerabilities and Exposures 
	            project (cve.mitre.org) has assigned the following name 
	            CAN-2004-0599 to this issue.

2. Vulnerable Supported Versions

	System				Files
	----------------------------------------------------------------------
	UnixWare 7.1.4 			/usr/include/png.h
					/usr/include/pngconf.h
					/usr/lib/libpng.a
					/usr/lib/libpng.so.3.1.2.7
					/usr/man/man.3/libpng.3
					/usr/man/man.3/libpngpf.3
					/usr/man/man.5/png.5
3. Solution

	The proper solution is to install the latest packages.

4. UnixWare 7.1.4

	4.1 Location of Fixed Binaries

	ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2004.16

	4.2 Verification

	MD5 (erg712684.pkg) = 78920b002aaeb097149084dc7451ce83

	md5 is available for download from
		ftp://ftp.sco.com/pub/security/tools

	4.3 Installing Fixed Binaries

	Upgrade the affected binaries with the following sequence:

	Download erg712684.pkg to the /var/spool/pkg directory

	# pkgadd -d /var/spool/pkg/erg712684.pkg


5. References

	Specific references for this advisory:
		http://libpng.sourceforge.net 
		http://www.libpng.org/pub/png 
		http://scary.beasts.org/security/CESA-2004-001.txt 
		http://www.us-cert.gov/cas/techalerts/TA04-217A.html 
		http://www.kb.cert.org/vuls/id/388984 
		http://www.kb.cert.org/vuls/id/817368 
		http://www.kb.cert.org/vuls/id/286484 
		http://www.kb.cert.org/vuls/id/477512 
		http://www.kb.cert.org/vuls/id/160448 
		http://www.kb.cert.org/vuls/id/236656 
		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0597 
		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0598 
		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0599

	SCO security resources:
		http://www.sco.com/support/security/index.html

	SCO security advisories via email
		http://www.sco.com/support/forums/security.html

	This security fix closes SCO incidents sr891394 fz530149
	erg712684 CAN-2004-0597 CAN-2004-0598 CAN-2004-0599
	CAN-2004-0768 VU#388984 VU#236656 VU#160448 VU#477512
	VU#817368 VU#286464.


6. Disclaimer

	SCO is not responsible for the misuse of any of the information
	we provide on this website and/or through our security
	advisories. Our advisories are a service to our customers
	intended to promote secure installation and use of SCO
	products.


7. Acknowledgments

	SCO would like to thank Chris Evans for researching and
	reporting these vulnerabilities.

______________________________________________________________________________

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (SCO/UNIX_SVR5)

iD8DBQFBZdG0aqoBO7ipriERAo4yAJ9Jq0kJcbjQ7Pi/aeRbTWk9zsk/owCffQxQ
wl3Jg/u6CafJ0Pqm4OzB3cM=
=y7cQ
- -----END PGP SIGNATURE-----



2.



- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


______________________________________________________________________________

			SCO Security Advisory

Subject:		UnixWare 7.1.3up UnixWare 7.1.4 : CUPS before 1.1.21 allows 
			remote attackers to cause a denial of service
Advisory number: 	SCOSA-2004.15
Issue date: 		2004 October 07
Cross reference:	sr891400 fz530153 erg712688 CAN-2004-0558
______________________________________________________________________________


1. Problem Description

	The Internet Printing Protocol (IPP) implementation in 
	CUPS before 1.1.21 allows remote attackers to cause a 
	denial of service via a certain UDP packet to the IPP port.

	The  Common Vulnerabilities and Exposures project
	(cve.mitre.org) has assigned the following name
	CAN-2004-0558 to this issue.

2. Vulnerable Supported Versions

	System				Binaries
	----------------------------------------------------------------------
	UnixWare 7.1.3up		cups distribution
	UnixWare 7.1.4			cups distribution

3. Solution

	The proper solution is to install the latest packages.

4. UnixWare 7.1.4 / UnixWare 7.1.3up

	4.1 Location of Fixed Binaries

	ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2004.15

	4.2 Verification

	MD5 (erg712688.pkg) = b5b4183052dd91adf878bd256a943e51

	md5 is available for download from
		ftp://ftp.sco.com/pub/security/tools

	4.3 Installing Fixed Binaries

	Upgrade the affected binaries with the following sequence:

	Download erg712688.pkg to the /var/spool/pkg directory

	# pkgadd -d /var/spool/pkg/erg712688.pkg


5. References

	Specific references for this advisory:
		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0558 
		http://xforce.iss.net/xforce/xfdb/17389

	SCO security resources:
		http://www.sco.com/support/security/index.html

	SCO security advisories via email
		http://www.sco.com/support/forums/security.html

	This security fix closes SCO incidents sr891400 fz530153
	erg712688.


6. Disclaimer

	SCO is not responsible for the misuse of any of the information
	we provide on this website and/or through our security
	advisories. Our advisories are a service to our customers
	intended to promote secure installation and use of SCO
	products.


7. Acknowledgments

	SCO would like to thank Alvaro Martinez Echevarria.

______________________________________________________________________________

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (SCO/UNIX_SVR5)

iD8DBQFBZdGXaqoBO7ipriERAsiCAJ9kdQB2Jvdh0PYYdoxTbQvqEimDXgCeK6cf
r6zSuovmtyzJdJcdqRhpzdQ=
=iUVV
- -----END PGP SIGNATURE-----


- ----------------------------------------------------------------------------------

For additional information or assistance, please contact the HELP Desk by 
telephone or Not Protectively Marked information may be sent via 
EMail to: uniras@xxxxxxxxxxxx

Office Hours:
Mon - Fri: 08:30 - 17:00 Hrs
Tel: +44 (0) 870 487 0748 Ext 4511
Fax: +44 (0) 870 487 0749

Outside of Office Hours:
On Call Duty Officer:
Tel: +44 (0) 870 487 0748 and follow the prompts

- ----------------------------------------------------------------------------------
UNIRAS wishes to acknowledge the contributions of SCO for the information 
contained in this Briefing. 
- ----------------------------------------------------------------------------------
This Briefing contains the information released by the original author. Some 
of the information may have changed since it was released. If the vulnerability 
affects you, it may be prudent to retrieve the advisory from the canonical site 
to ensure that you receive the most current information concerning that problem.

Reference to any specific commercial product, process, or service by trade 
name, trademark manufacturer, or otherwise, does not constitute or imply 
its endorsement, recommendation, or favouring by UNIRAS or NISCC.  The views 
and opinions of authors expressed within this notice shall not be used for 
advertising or product endorsement purposes.

Neither UNIRAS or NISCC shall also accept responsibility for any errors 
or omissions contained within this briefing notice. In particular, they shall 
not be liable for any loss or damage whatsoever, arising from or in connection 
with the usage of information contained within this notice.

UNIRAS is a member of the Forum of Incident Response and Security Teams (FIRST) 
and has contacts with other international Incident Response Teams (IRTs) in 
order to foster cooperation and coordination in incident prevention, to prompt 
rapid reaction to incidents, and to promote information sharing amongst its 
members and the community at large. 
- ----------------------------------------------------------------------------------
<End of UNIRAS Briefing>

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0

iQCVAwUBQW6DR4pao72zK539AQEZmAP/ZOChYDUXDbTSxFbgB9aTLB+YoAX3NjmM
eBJMfM9c2cceD4DXo+YuyyiTncQ4or5cX00PdmqBanxaH9U1faiYb+i+vZiagqOW
YSu5eh5gDUrtzWuIlcppBF20Su0wScY1ZNoZ7cPvihjCmzhqUqtr8zyn19RSu7Xp
A5yh76M7Ays=
=l1ZD
-----END PGP SIGNATURE-----