[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

UNIRAS Brief - 306/06 - Four SCO Security Advisories:



-----BEGIN PGP SIGNED MESSAGE-----

- ----------------------------------------------------------------------------------
   UNIRAS (UK Govt CERT) Briefing Notice - 306/06 dated 24.04.06  Time: 13:45  
  UNIRAS is part of NISCC (National Infrastructure Security Co-ordination Centre)
- ---------------------------------------------------------------------------------- 
  UNIRAS material is also available from its website at www.uniras.gov.uk and
         Information about NISCC is available from www.niscc.gov.uk
- ----------------------------------------------------------------------------------

Title
=====

Four SCO Security Advisories:

1. SCOSA-2006.19 - OpenServer 5.0.7 OpenServer 6.0.0 : GhostScript Insecure Temporary 
File Creation Vulnerability

2. SCOSA-2006.20 OpenServer 5.0.7 OpenServer 6.0.0 : CUPS Multiple Buffer Overflow 
Vulnerabilities

3. SCOSA-2006.21 UnixWare 7.1.4 : CUPS Multiple Buffer Overflow Vulnerabilities

4. SCOSA-2006.22 UnixWare 7.1.3 UnixWare 7.1.4 : X Server Arbitrary Code Execution

Detail
====== 

1. Ghostscript is affected by an insecure temporary file creation
vulnerability.  This issue is likely due to a design error
that causes the application to fail to verify the existence
of a file before writing to it.

2. Some vulnerabilities have been reported in CUPS, which can
be exploited by malicious people to cause a DoS (Denial of
Service) and potentially to compromise a vulnerable system.

3. Some vulnerabilities have been reported in CUPS, which can
be exploited by malicious people to cause a DoS (Denial of
Service) and potentially to compromise a vulnerable system.
	
4. Multiple X Window System server applications share code
that may contain a flaw in the memory allocation for large
pixmaps. The affected products include X server applications.




1.


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

______________________________________________________________________________

			SCO Security Advisory

Subject:		OpenServer 5.0.7 OpenServer 6.0.0 : GhostScript Insecure Temporary 
			File Creation Vulnerability
Advisory number: 	SCOSA-2006.19
Issue date: 		2006 April 11
Cross reference:	fz533156
			CVE-2004-0967 
______________________________________________________________________________


1. Problem Description

	Ghostscript is affected by an insecure temporary file creation
	vulnerability.  This issue is likely due to a design error
	that causes the application to fail to verify the existence
	of a file before writing to it.
	
	An attacker may leverage this issue to overwrite arbitrary
	files with the privileges of an unsuspecting user that
	activates the vulnerable application.  Reportedly this issue
	is unlikely to facilitate privilege escalation.
	
	The Common Vulnerabilities and Exposures project
	(cve.mitre.org) has assigned the name CVE-2004-0967 to
	this issue.


2. Vulnerable Supported Versions

	System				Binaries
	----------------------------------------------------------------------
	OpenServer 5.0.7 		Ghostscript package
	OpenServer 6.0.0 		Ghostscript package


3. Solution

	The proper solution is to install the latest packages.


4. OpenServer 5.0.7

	4.1 Location of Fixed Binaries

	ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.19


	4.2 Verification

	MD5 (p533156.507_vol.tar) = ae7c290a3b686c4bc01bdd0dc4adc1af

	md5 is available for download from
		ftp://ftp.sco.com/pub/security/tools


	4.3 Installing Fixed Binaries

	Upgrade the affected binaries with the following sequence:

	1) Download p533156.507_vol.tar to a directory.

	2) Extract VOL* files.

	   # tar xvf p533156.507_vol.tar

	3) Run the custom command, specify an install
	   from media images, and specify the directory as
	   the location of the images.


5. OpenServer 6.0.0

	5.1 Location of Fixed Binaries

	ftp://ftp.sco.com/pub/openserver6/600/mp/osr600mp2/osr600mp2.iso


	5.2 Verification

	MD5 (osr600mp2.iso) = 7e560dcde374eb60df2b4a599ac20d8a

	md5 is available for download from
		ftp://ftp.sco.com/pub/security/tools


	5.3 Installing Fixed Binaries

	See the SCO OpenServer Release 6.0.0 Maintenance Pack 2 Release
	and Installation Notes:

	ftp://ftp.sco.com/pub/openserver6/600/mp/osr600mp2/osr600mp2.html


6. References

	Specific references for this advisory:
		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0967
		http://www.securityfocus.com/bid/11285/references 
		http://secunia.com/advisories/12903/

	SCO security resources:
		http://www.sco.com/support/security/index.html

	SCO security advisories via email
		http://www.sco.com/support/forums/security.html

	This security fix closes SCO incidents fz533156.


7. Disclaimer

	SCO is not responsible for the misuse of any of the information
	we provide on this website and/or through our security
	advisories. Our advisories are a service to our customers intended
	to promote secure installation and use of SCO products.


8. Acknowledgments

	Trustix security engineers are credited with the discovery of
	this vulnerability.

______________________________________________________________________________
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (SCO_SV)

iD8DBQFERlx3aqoBO7ipriERAsWeAJ4uhzNaylgXpqAP9cY+Ce+gPAN/XgCfYzKg
W6DW022ARU40uLzbzj8gzV8=
=zQ8e
- -----END PGP SIGNATURE-----



2.


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

______________________________________________________________________________

			SCO Security Advisory

Subject:		OpenServer 5.0.7 OpenServer 6.0.0 : CUPS Multiple Buffer Overflow Vulnerabilities
Advisory number: 	SCOSA-2006.20
Issue date: 		2006 April 18
Cross reference:	fz533446
			CVE-2005-3191 CVE-2005-3192 CVE-2005-3193 
______________________________________________________________________________


1. Problem Description

	Some vulnerabilities have been reported in CUPS, which can
	be exploited by malicious people to cause a DoS (Denial of
	Service) and potentially to compromise a vulnerable system.
	
	The vulnerabilities are caused due to the use of a vulnerable
	version of Xpdf.
	
	The Common Vulnerabilities and Exposures project
	(cve.mitre.org) has assigned the names CVE-2005-3191,
	CVE-2005-3192, and CVE-2005-3193 to these issues.


2. Vulnerable Supported Versions

	System				Binaries
	----------------------------------------------------------------------
	OpenServer 5.0.7 		Cups package
	OpenServer 6.0.0 		Cups package


3. Solution

	The proper solution is to install the latest packages.


4. OpenServer 5.0.7

	4.1 Location of Fixed Binaries

	ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.20


	4.2 Verification

	MD5 (p533446.507_vol.tar) = 6150ddaec1548e98e543ae030b2c9de4

	md5 is available for download from
		ftp://ftp.sco.com/pub/security/tools


	4.3 Installing Fixed Binaries

	Upgrade the affected binaries with the following sequence:

	1) Download p533446.507_vol.tar to a directory.

	2) Extract VOL* files.

	   # tar xvf p533446.507_vol.tar

	3) Run the custom command, specify an install
	   from media images, and specify the directory as
	   the location of the images.


5. OpenServer 6.0.0

	5.1 Location of Fixed Binaries

	ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.20


	5.2 Verification

	MD5 (p533446.600_vol.tar) = c4e87cee43acf3e6a55d0416601c92a6

	md5 is available for download from
		ftp://ftp.sco.com/pub/security/tools


	5.3 Installing Fixed Binaries

	Upgrade the affected binaries with the following sequence:

	1) Download p533446.600_vol.tar to a directory.

	2) Extract VOL* files.

	   # tar xvf p533446.600_vol.tar

	3) Run the custom command, specify an install
	   from media images, and specify the directory as
	   the location of the images.


6. References

	Specific references for this advisory:
		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3191
		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3192
		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3193
		http://secunia.com/advisories/17976/

	SCO security resources:
		http://www.sco.com/support/security/index.html

	SCO security advisories via email
		http://www.sco.com/support/forums/security.html

	This security fix closes SCO incidents fz533446.


7. Disclaimer

	SCO is not responsible for the misuse of any of the information
	we provide on this website and/or through our security
	advisories. Our advisories are a service to our customers intended
	to promote secure installation and use of SCO products.


______________________________________________________________________________
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (SCO_SV)

iD8DBQFERVAUaqoBO7ipriERAoq6AJ4rV8/X01VWf+DQ33T4P4vVtDR5cwCfQiOP
09BcDpxsRtRb5saMVbPOsVs=
=TlR1
- -----END PGP SIGNATURE-----



3.


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

______________________________________________________________________________

			SCO Security Advisory

Subject:		UnixWare 7.1.4 : CUPS Multiple Buffer Overflow Vulnerabilities
Advisory number: 	SCOSA-2006.21
Issue date: 		2006 April 18
Cross reference:	fz533446
			CVE-2005-3191 CVE-2005-3192 CVE-2005-3193 
______________________________________________________________________________


1. Problem Description

	Some vulnerabilities have been reported in CUPS, which can
	be exploited by malicious people to cause a DoS (Denial of
	Service) and potentially to compromise a vulnerable system.
	
	The vulnerabilities are caused due to the use of a vulnerable
	version of Xpdf.
	
	The Common Vulnerabilities and Exposures project
	(cve.mitre.org) has assigned the names CVE-2005-3191,
	CVE-2005-3192, and CVE-2005-3193 to these issues.


2. Vulnerable Supported Versions

	System				Binaries
	----------------------------------------------------------------------
	UnixWare 7.1.4			Cups package


3. Solution

	The proper solution is to install the latest packages.


4. UnixWare 7.1.4

	4.1 Location of Fixed Binaries

	ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.21


	4.2 Verification

	MD5 (p533446.714.image) = 1bbbd92df9260f0ac32cf27ad03b4532

	md5 is available for download from
		ftp://ftp.sco.com/pub/security/tools


	4.3 Installing Fixed Binaries

	Upgrade the affected binaries with the following sequence:

	Download p533446.714.image to the /var/spool/pkg directory

	# pkgadd -d /var/spool/pkg/p533446.714.image


5. References

	Specific references for this advisory:
		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3191
		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3192
		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3193
		http://secunia.com/advisories/17976/

	SCO security resources:
		http://www.sco.com/support/security/index.html

	SCO security advisories via email
		http://www.sco.com/support/forums/security.html

	This security fix closes SCO incidents fz533446.


6. Disclaimer

	SCO is not responsible for the misuse of any of the information
	we provide on this website and/or through our security
	advisories. Our advisories are a service to our customers intended
	to promote secure installation and use of SCO products.


______________________________________________________________________________
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (SCO_SV)

iD8DBQFERlkmaqoBO7ipriERAk7zAJ0Q+vs/nCHC44LI9s1Am73hFqJacACfYkhQ
OwhdzIoyILAJA3ZkI1bpi/A=
=s7Zo
- -----END PGP SIGNATURE-----



4.


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

______________________________________________________________________________

			SCO Security Advisory

Subject:		UnixWare 7.1.3 UnixWare 7.1.4 : X Server Arbitrary Code Execution Vulnerability
Advisory number: 	SCOSA-2006.22
Issue date: 		2006 April 21
Cross reference:	fz532989
			CVE-2005-2495 
______________________________________________________________________________


1. Problem Description

	Multiple X Window System server applications share code
	that may contain a flaw in the memory allocation for large
	pixmaps. The affected products include X server applications.
	
	An integer overflow condition may result in a memory allocation
	request returning an allocated region that is incorrectly
	sized. The client may then be able to use the XDrawPoint()
	and XGetImage() functions to read and write to arbitrary
	locations in the X server's address space.
	
	A malicious local authenticated attacker may be able to
	execute arbitrary code with the privileges of the X server.
	
	The Common Vulnerabilities and Exposures project
	(cve.mitre.org) has assigned the name CVE-2005-2495 to
	this issue.


2. Vulnerable Supported Versions

	System				Binaries
	----------------------------------------------------------------------
	UnixWare 7.1.3			xserver package
	UnixWare 7.1.4			xserver package


3. Solution

	The proper solution is to install the latest packages.


4. UnixWare 7.1.3

	4.1 Location of Fixed Binaries

	ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.22


	4.2 Verification

	MD5 (p532989.713.image) = f0c513384ff2aebb2b1d172ddbb27a6b

	md5 is available for download from
		ftp://ftp.sco.com/pub/security/tools


	4.3 Installing Fixed Binaries

	Upgrade the affected binaries with the following sequence:

	Download p532989.713.image to the /var/spool/pkg directory

	# pkgadd -d /var/spool/pkg/p532989.713.image


5. UnixWare 7.1.4

	5.1 Location of Fixed Binaries

	ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.22


	5.2 Verification

	MD5 (p532989.714.image) = 033d004c0aefa9f922d3aab971d8a801

	md5 is available for download from
		ftp://ftp.sco.com/pub/security/tools


	5.3 Installing Fixed Binaries

	Upgrade the affected binaries with the following sequence:

	Download p532989.714.image to the /var/spool/pkg directory

	# pkgadd -d /var/spool/pkg/p532989.714.image


6. References

	Specific references for this advisory:
		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2495
		http://www.kb.cert.org/vuls/id/102441 
		https://bugs.freedesktop.org/show_bug.cgi?id=594 
		http://secunia.com/advisories/16790/ 
		http://secunia.com/advisories/16777/

	SCO security resources:
		http://www.sco.com/support/security/index.html

	SCO security advisories via email
		http://www.sco.com/support/forums/security.html

	This security fix closes SCO incidents fz532989.


7. Disclaimer

	SCO is not responsible for the misuse of any of the information
	we provide on this website and/or through our security
	advisories. Our advisories are a service to our customers intended
	to promote secure installation and use of SCO products.


8. Acknowledgments

	Thanks to Luke Hutchison and Søren Sandmann Pedersen for reporting
	this vulnerability.

______________________________________________________________________________
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (SCO_SV)

iD8DBQFESUBSaqoBO7ipriERAtCfAJ9lnTqRHiZ5/tNxA2+9TP4YFaEWRgCeIpJ/
nCmIhZDLEc3hFHaNZaDXV8c=
=+ecN
- -----END PGP SIGNATURE-----


- ----------------------------------------------------------------------------------

For additional information or assistance, please contact the HELP Desk by 
telephone or Not Protectively Marked information may be sent via 
EMail to: uniras@xxxxxxxxxxxx

Office Hours:
Mon - Fri: 08:30 - 17:00 Hrs
Tel: +44 (0) 870 487 0748 Ext 4511
Fax: +44 (0) 870 487 0749

Outside of Office Hours:
On Call Duty Officer:
Tel: +44 (0) 870 487 0748 and follow the prompts

- ----------------------------------------------------------------------------------
UNIRAS wishes to acknowledge the contributions of SCO for the information 
contained in this Briefing. 
- ----------------------------------------------------------------------------------
This Briefing contains the information released by the original author. Some 
of the information may have changed since it was released. If the vulnerability 
affects you, it may be prudent to retrieve the advisory from the site of the
original source to ensure that you receive the most current information concerning 
that problem.

Reference to any specific commercial product, process, or service by trade 
name, trademark manufacturer, or otherwise, does not constitute or imply 
its endorsement, recommendation, or favouring by UNIRAS or NISCC.  The views 
and opinions of authors expressed within this notice shall not be used for 
advertising or product endorsement purposes.

Neither UNIRAS or NISCC shall also accept responsibility for any errors 
or omissions contained within this briefing notice. In particular, they shall 
not be liable for any loss or damage whatsoever, arising from or in connection 
with the usage of information contained within this notice.

UNIRAS is a member of the Forum of Incident Response and Security Teams (FIRST) 
and has contacts with other international Incident Response Teams (IRTs) in 
order to foster cooperation and coordination in incident prevention, to prompt 
rapid reaction to incidents, and to promote information sharing amongst its 
members and the community at large. 
- ----------------------------------------------------------------------------------
<End of UNIRAS Briefing>

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1

iQCVAwUBREzI34pao72zK539AQGa7QP8CxLXx9Ij/dL+Lby5HyFrs+MPSsYDpa+e
mG/qWNSEVcrDisZk6MbOW3PtEwwd2cYDsIwd4X7otX0uHfT48vraMgGgaoIAy0/B
PSoQQ4hR2IdIXuJXeMf9h5K+qwQvEzzYjMiSZOocISfEa/+oYLl1tji5Hx3yaRL8
4EfMhikN2ZE=
=ZG/v
-----END PGP SIGNATURE-----


______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email 
______________________________________________________________________

______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email 
______________________________________________________________________