October 2005
SCO Security Advisories - OpenServer 5.0.7 OpenServer 6.0.0: Xpdf PDF Viewer Multiple Vulnerabilities; UnixWare 7.1.4 UnixWare 7.1.3: ppp buffer overflow; OpenServer 5.0.7: authsh and backupsh buffer overflow
ID: 00925
Ref: 865/2005
Date: 21 October 2005:09:10:26
Version: 1
Abstract: Description of a number of vulnerabilities in SCO products.
Vendors affected: SCO
Operating systems affected: SCO
Applications affected: SCO
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
SCO Security Advisory
Subject: OpenServer 5.0.7 OpenServer 6.0.0 : Xpdf PDF Viewer Multiple Vulnerabilities
Advisory number: SCOSA-2005.42
Issue date: 2005 October 18
Cross reference: sr894841 fz532914 erg712913
                 sr894861 fz532913 erg712914
                 CAN-2004-1125 CAN-2005-0064 CAN-2005-2097
______________________________________________________________________________
1. Problem Description
Xpdf is an open-source viewer for Portable Document Format (PDF)
files.
A buffer overflow in xpdf 3.00 allows remote attackers to cause a
denial of service (application crash) and possibly execute
arbitrary code via a crafted PDF file that causes the boundaries
of a maskColors array to be exceeded.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CAN-2004-1125 to this issue.
Buffer overflow in xpdf 3.00 and earlier allows remote attackers
to execute arbitrary code via a PDF file with a large /Encrypt
/Length keyLength value.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CAN-2005-0064 to this issue.
xpdf does not properly validate the "loca" table in PDF files, which
allows local users to cause a denial of service (disk consumption
and hang) via a PDF file with a "broken" loca table, which causes
a large temporary file to be created when xpdf attempts to
reconstruct the information.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CAN-2005-2097 to this issue.
2. Vulnerable Supported Versions
System              Binaries
----------------------------------------------------------------------
OpenServer 5.0.7    xpdf distribution
OpenServer 6.0.0    xpdf distribution
3. Solution
The proper solution is to install the latest packages.
4. OpenServer 5.0.7
4.1 Location of Fixed Binaries
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.42/507
4.2 Verification
MD5 (VOL.000.000) = 91322dcd210248ba4607235cb3e09436
MD5 (VOL.000.001) = c846cdfce81f1487c3684ee3af046fa5
MD5 (VOL.000.002) = be20d0832276353840517a3315853044
MD5 (VOL.000.003) = 748004313dcaf8827edc261ee196c035
md5 is available for download from
ftp://ftp.sco.com/pub/security/tools
4.3 Installing Fixed Binaries
Upgrade the affected binaries with the following sequence:
1) Download the VOL* files to a directory
2) Run the custom command, specify an install from media
images, and specify the directory as the location of the
images.
5. OpenServer 6.0.0
5.1 Location of Fixed Binaries
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.42/600
5.2 Verification
MD5 (VOL.000.000) = 2aa83f054b614c2db53418111bd2bfb0
MD5 (VOL.000.001) = e93806f0d79c1f9a925aeed1f4b7f659
MD5 (VOL.000.002) = 130e116d8463b57592955064a6e86fd6
MD5 (VOL.000.003) = a2d2a47f067527aa5a28c1a9721257b6
md5 is available for download from
ftp://ftp.sco.com/pub/security/tools
5.3 Installing Fixed Binaries
Upgrade the affected binaries with the following sequence:
1) Download the VOL* files to a directory
2) Run the custom command, specify an install from media
images, and specify the directory as the location of the
images.
6. References
Specific references for this advisory:
http://www.idefense.com/application/poi/display?id=172&type=vulnerabilities
http://www.idefense.com/application/poi/display?id=186&type=vulnerabilities
http://lists.grok.org.uk/pipermail/full-disclosure/2004-December/030241.html
SCO security resources:
http://www.sco.com/support/security/index.html
SCO security advisories via email
http://www.sco.com/support/forums/security.html
This security fix closes SCO incidents:
sr894841 fz532914 erg712913
sr894861 fz532913 erg712914
7. Disclaimer
SCO is not responsible for the misuse of any of the information
we provide on this website and/or through our security
advisories. Our advisories are a service to our customers
intended to promote secure installation and use of SCO
products.
______________________________________________________________________________
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (UnixWare)
iD8DBQFDVWDWaqoBO7ipriERAmJgAJ0d2AivC+71xWSPdrXYhJKpml0t3QCfSJiF
ka+J/vTtjx3Te+mMsG+ldeI=
=d7RF
- -----END PGP SIGNATURE-----
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
SCO Security Advisory
Subject: UnixWare 7.1.4 UnixWare 7.1.3 : ppp buffer overflow
Advisory number: SCOSA-2005.41
Issue date: 2005 October 20
Cross reference: sr894991 fz532994 erg712940 CAN-2005-2927
______________________________________________________________________________
1. Problem Description
iDEFENSE has identified a buffer overflow vulnerability in
the SCO UnixWare ppp prompt. Local exploitation of a buffer
overflow vulnerability in the ppp binary allows attackers
to gain root privileges.
This could lead to the execution of arbitrary code with root
privileges, as ppp is setuid root by default.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CAN-2005-2927 to this issue.
2. Vulnerable Supported Versions
System              Binaries
----------------------------------------------------------------------
UnixWare 7.1.4      /usr/bin/ppptalk
UnixWare 7.1.3      /usr/bin/ppptalk
3. Solution
The proper solution is to install the latest packages.
4. UnixWare 7.1.4
4.1 Location of Fixed Binaries
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.41
4.2 Verification
MD5 (erg712940.uw714.pkg.Z) = d47a9958e6dfd44c9b95e1d9489011f4
md5 is available for download from
ftp://ftp.sco.com/pub/security/tools
4.3 Installing Fixed Binaries
Upgrade the affected binaries with the following sequence:
Download erg712940.uw714.pkg.Z to the /var/spool/pkg directory
# uncompress /var/spool/pkg/erg712940.uw714.pkg.Z
# pkgadd -d /var/spool/pkg/erg712940.uw714.pkg
5. UnixWare 7.1.3
5.1 Location of Fixed Binaries
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.41
5.2 Verification
MD5 (erg712940.uw713.pkg.Z) = 474799fc2cda9db5c486880599e1cdcc
md5 is available for download from
ftp://ftp.sco.com/pub/security/tools
5.3 Installing Fixed Binaries
Upgrade the affected binaries with the following sequence:
Download erg712940.uw713.pkg.Z to the /var/spool/pkg directory
# uncompress /var/spool/pkg/erg712940.uw713.pkg.Z
# pkgadd -d /var/spool/pkg/erg712940.uw713.pkg
6. References
Specific references for this advisory:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2927
SCO security resources:
http://www.sco.com/support/security/index.html
SCO security advisories via email
http://www.sco.com/support/forums/security.html
This security fix closes SCO incidents sr894991 fz532994
erg712940.
7. Disclaimer
SCO is not responsible for the misuse of any of the information
we provide on this website and/or through our security
advisories. Our advisories are a service to our customers
intended to promote secure installation and use of SCO
products.
8. Acknowledgments
The SCO Group would like to thank iDefense for discovering and
reporting this weakness.
______________________________________________________________________________
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (SCO_SV)
Comment: For info see http://www.gnupg.org
iEYEARECAAYFAkNX5ZkACgkQaqoBO7ipriGOfQCgqXtzz8CfZImq2AYbNNRFHWf3
wxQAn3uS7ub+wfZ6/mmWiSrhqchVAHVP
=H1lb
- -----END PGP SIGNATURE-----
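The advisory above notes that ppp is setuid root by default, and SCOSA-2005.40 on this page describes backupsh as setgid backup by default. As an added example (not part of the SCO advisories; the function name audit_priv_bits and its output format are made up here), this shell function reports whether the binaries named in the two advisories are present on a host and still carry setuid or setgid bits.

```shell
#!/bin/sh
# Added example: report whether given binaries exist and carry setuid/setgid
# bits. Function name and output format are made up for this illustration.

# audit_priv_bits PATH...: one line per path; returns 1 if any path is a
# regular file with the setuid or setgid bit set, 0 otherwise.
audit_priv_bits() {
    found=0
    for p in "$@"; do
        if [ ! -f "$p" ]; then
            echo "not-found   $p"
            continue
        fi
        # ls -ldL: fields 3 and 4 are owner and group (symlinks followed).
        owner=$(ls -ldL "$p" | awk '{print $3}')
        group=$(ls -ldL "$p" | awk '{print $4}')
        state=""
        if [ -u "$p" ]; then state="setuid:$owner"; fi
        if [ -g "$p" ]; then state="${state:+$state,}setgid:$group"; fi
        if [ -n "$state" ]; then
            echo "PRIVILEGED  $p ($state)"
            found=1
        else
            echo "plain       $p"
        fi
    done
    return "$found"
}

# Paths taken from the "Vulnerable Supported Versions" tables on this page.
audit_priv_bits /usr/bin/ppptalk \
    /usr/lib/sysadm/authsh /usr/lib/sysadm/backupsh
```

A PRIVILEGED line for one of these paths on an unpatched system identifies a host where the fixed packages still need to be installed.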
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
SCO Security Advisory
Subject: OpenServer 5.0.7 : authsh and backupsh buffer overflow
Advisory number: SCOSA-2005.40
Issue date: 2005 October 20
Cross reference: sr894990 fz532992 erg712939 sr894993 fz532995 erg712941 CAN-2005-2926
______________________________________________________________________________
1. Problem Description
iDEFENSE has identified a buffer overflow vulnerability in
SCO OpenServer backupsh. The backupsh utility is a standard
binary distributed with OpenServer 5.0.7 and earlier.
Local attackers could supply a specially crafted string to
overflow a stack buffer and execute arbitrary code with group
backup privileges. Successful exploitation of this vulnerability
will result in execution of arbitrary code with permissions
of the running process. The binary is setgid backup by
default and can be used by attackers with a local account
to gain backup privileges.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CAN-2005-2926 to this issue.
2. Vulnerable Supported Versions
System              Binaries
----------------------------------------------------------------------
OpenServer 5.0.7    /usr/lib/sysadm/authsh
                    /usr/lib/sysadm/backupsh
3. Solution
The proper solution is to install the latest packages.
4. OpenServer 5.0.7
4.1 Location of Fixed Binaries
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.40
4.2 Verification
MD5 (VOL.000.000) = ebcf85edb0e7c8c0a3af4cec65a27ed7
md5 is available for download from
ftp://ftp.sco.com/pub/security/tools
4.3 Installing Fixed Binaries
Upgrade the affected binaries with the following sequence:
1) Download the VOL* files to a directory
2) Run the custom command, specify an install from media
images, and specify the directory as the location of the
images.
5. References
Specific references for this advisory:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2926
SCO security resources:
http://www.sco.com/support/security/index.html
SCO security advisories via email
http://www.sco.com/support/forums/security.html
This security fix closes SCO incidents sr894990 fz532992
erg712939 sr894993 fz532995 erg712941.
6. Disclaimer
SCO is not responsible for the misuse of any of the information
we provide on this website and/or through our security
advisories. Our advisories are a service to our customers
intended to promote secure installation and use of SCO
products.
7. Acknowledgments
SCO would like to thank iDefense for discovering and reporting
this weakness.
______________________________________________________________________________
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (SCO_SV)
Comment: For info see http://www.gnupg.org
iEYEARECAAYFAkNX5bQACgkQaqoBO7ipriHu4wCgo+xDebe8Xjzx8xa46L1wgRCf
UTsAoJQjHfZNCfgLUXhnZK1N7PkDEpGG
=j+3D
- -----END PGP SIGNATURE-----
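The Verification sections of the three advisories above list digests in the form "MD5 (file) = digest". The following shell functions, an added example that is not part of the SCO advisories, check a directory of downloaded files against such a list before installation; the names md5_of, verify_md5_list and demo and the sample file are constructed for illustration, and one of md5sum, md5 or openssl is assumed to be installed.

```shell
#!/bin/sh
# Added example: check files against "MD5 (name) = digest" lines copied from
# an advisory's Verification section.

# Print the hex MD5 of a file with whichever tool is installed (assumption:
# one of md5sum, md5 or openssl is on PATH).
md5_of() {
    if command -v md5sum >/dev/null 2>&1; then
        md5sum "$1" | awk '{print $1}'
    elif command -v md5 >/dev/null 2>&1; then
        md5 "$1" | awk '{print $NF}'
    else
        openssl md5 "$1" | awk '{print $NF}'
    fi
}

# verify_md5_list LIST DIR: returns 0 only if every listed file exists in DIR
# and matches; other lines in LIST (headings, URLs) are ignored.
verify_md5_list() {
    list=$1; dir=$2; rc=0; seen=0
    while IFS= read -r line; do
        # Reject names containing "/" so a list entry cannot point outside DIR.
        pair=$(printf '%s\n' "$line" | sed -n \
            's/^[[:space:]]*MD5 (\([^)/]*\)) = \([0-9A-Fa-f]\{32\}\)[[:space:]]*$/\1 \2/p')
        [ -n "$pair" ] || continue
        name=${pair% *}
        want=$(printf '%s' "${pair##* }" | tr 'A-F' 'a-f')
        seen=$((seen + 1))
        if [ ! -f "$dir/$name" ]; then
            echo "MISSING  $name"; rc=1
        elif [ "$(md5_of "$dir/$name" | tr 'A-F' 'a-f')" = "$want" ]; then
            echo "OK       $name"
        else
            echo "MISMATCH $name"; rc=1
        fi
    done < "$list"
    # A list with no usable lines must not count as a pass.
    [ "$seen" -gt 0 ] || { echo "no MD5 lines in $list" >&2; rc=1; }
    return "$rc"
}

# Constructed demo: one file containing "abc" and its known MD5.
demo() {
    tmp=$(mktemp -d) || return 1
    printf 'abc' > "$tmp/sample.bin"
    printf 'MD5 (sample.bin) = 900150983cd24fb0d6963f7d28e17f72\n' > "$tmp/md5.txt"
    verify_md5_list "$tmp/md5.txt" "$tmp"; status=$?
    rm -rf "$tmp"
    return "$status"
}
demo
```

Save the MD5 lines for the relevant platform to a file and pass it with the download directory; each platform reuses the VOL.000.* names, so keep one list and one directory per platform. The digests are only as trustworthy as the advisory text they were copied from, which is what the PGP signature on each advisory is for.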