December 2005
Two SCO Security Advisories: 1. SCOSA-2005.53 - UnixWare 7.1.3 UnixWare 7.1.4 : OpenSSH Multiple Vulnerabilities 2. SCOSA-2005.54 - UnixWare 7.1.3 UnixWare 7.1.4 : uidadmin Buffer Overflow Vulnerability
ID: 01095
Ref: 1027/2005
Date: 14 December 2005:13:44:36
Version: 1
Title: Two SCO Security Advisories: 1. SCOSA-2005.53 - UnixWare 7.1.3 UnixWare 7.1.4 : OpenSSH Multiple Vulnerabilities 2. SCOSA-2005.54 - UnixWare 7.1.3 UnixWare 7.1.4 : uidadmin Buffer Overflow Vulnerability
Abstract:
Vendors affected: SCO
Operating systems affected: SCO
Applications affected: SCO
Title
=====
Two SCO Security Advisories:
1. SCOSA-2005.53 - UnixWare 7.1.3 UnixWare 7.1.4 : OpenSSH Multiple
Vulnerabilities
2. SCOSA-2005.54 - UnixWare 7.1.3 UnixWare 7.1.4 : uidadmin Buffer
Overflow Vulnerability
Detail
======
1. Two security issues have been reported in OpenSSH, which can be
exploited by malicious users to gain escalated privileges or
bypass certain security restrictions.
2. Local exploitation of a buffer overflow vulnerability in the
uidadmin binary allows attackers to gain root privileges.
1.
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
SCO Security Advisory
Subject: UnixWare 7.1.3 UnixWare 7.1.4 : OpenSSH Multiple Vulnerabilities
Advisory number: SCOSA-2005.53
Issue date: 2005 December 12
Cross reference: erg712933 fz532978 sr894960
CVE-2005-2797 CVE-2005-2798
______________________________________________________________________________
1. Problem Description
Two security issues have been reported in OpenSSH, which can be
exploited by malicious users to gain escalated privileges or
bypass certain security restrictions.
An error in handling dynamic port forwardings when no listen
address is specified, can cause "GatewayPorts" to be incorrectly
activated.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2005-2797 to this issue.
An error in handling GSSAPI credential delegation can allow a
user, who did not login using GSSAPI authentication, to be
delegated with GSSAPI credentials.
Successful exploitation requires that
"GSSAPIDelegateCredentials" is enabled.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2005-2798 to this issue.
2. Vulnerable Supported Versions
System Binaries
----------------------------------------------------------------------
UnixWare 7.1.3 OpenSSH distribution
UnixWare 7.1.4 OpenSSH distribution
3. Solution
The proper solution is to install the latest packages.
4. UnixWare 7.1.3
4.1 Location of Fixed Binaries
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.53
4.2 Verification
MD5 (openssh-4.2p1.713.image) = 8ca915ee39d4eda9b899c3289e1a4141
md5 is available for download from
ftp://ftp.sco.com/pub/security/tools
4.3 Installing Fixed Binaries
Upgrade the affected binaries with the following sequence:
Download openssh-4.2p1.713.image to the /var/spool/pkg directory.
# pkgadd -d /var/spool/pkg/openssh-4.2p1.713.image
Please note that UnixWare 7.1.3 Maintenance Pack 5 is required
to be installed on the system for OpenSSH to work correctly.
5. UnixWare 7.1.4
5.1 Location of Fixed Binaries
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.53
5.2 Verification
MD5 (openssh-4.2p1.714.image) = b558b5eb19edab7419d5729d51a46b95
md5 is available for download from
ftp://ftp.sco.com/pub/security/tools
5.3 Installing Fixed Binaries
Upgrade the affected binaries with the following sequence:
Download openssh-4.2p1.714.image to the /var/spool/pkg directory.
# pkgadd -d /var/spool/pkg/openssh-4.2p1.714.image
Please note that UnixWare 7.1.4 Maintenance Pack 2 is required
to be installed on the system for OpenSSH to work correctly.
6. References
Specific references for this advisory:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2797
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2798
http://secunia.com/advisories/16686/
http://www.mindrot.org/pipermail/openssh-unix-announce/2005-September/000083.html
SCO security resources:
http://www.sco.com/support/security/index.html
SCO security advisories via email
http://www.sco.com/support/forums/security.html
This security fix closes SCO incidents erg712933 fz532978
sr894960.
7. Disclaimer
SCO is not responsible for the misuse of any of the information
we provide on this website and/or through our security
advisories. Our advisories are a service to our customers
intended to promote secure installation and use of SCO
products.
______________________________________________________________________________
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (UnixWare)
iD8DBQFDnZqHaqoBO7ipriERArdTAJ9rzqHZ3tiN7YkHOOkLOTDsTTpS3QCeJ5wh
5pUr5tBR6ignrNkYeXq1atg=
=nQ8q
- -----END PGP SIGNATURE-----
2.
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
SCO Security Advisory
Subject: UnixWare 7.1.3 UnixWare 7.1.4 : uidadmin Buffer Overflow Vulnerability
Advisory number: SCOSA-2005.54
Issue date: 2005 December 12
Cross reference: fz533178
CVE-2005-3903
______________________________________________________________________________
1. Problem Description
Local exploitation of a buffer overflow vulnerability in the
uidadmin binary allows attackers to gain root privileges.
Successful exploitation of this vulnerability requires that user
have local access to the system. This would allow the user to
gain superuser privileges.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2005-3903 to this issue.
2. Vulnerable Supported Versions
System Binaries
----------------------------------------------------------------------
UnixWare 7.1.3 /usr/bin/uidadmin
UnixWare 7.1.4 /usr/bin/uidadmin
3. Solution
The proper solution is to install the latest packages.
4. UnixWare 7.1.3
4.1 Location of Fixed Binaries
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.54
4.2 Verification
MD5 (p533178.image) = 612805326316c16e07d632d3e0d1a82e
md5 is available for download from
ftp://ftp.sco.com/pub/security/tools
4.3 Installing Fixed Binaries
Upgrade the affected binaries with the following sequence:
Download p533178.image to the /var/spool/pkg directory.
# pkgadd -d /var/spool/pkg/p533178.image
Note that UnixWare 7.1.3 Maintenance Pack 5 is required to
be installed before you can install this package.
5. UnixWare 7.1.4
5.1 Location of Fixed Binaries
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.54
5.2 Verification
MD5 (p533178.image) = 612805326316c16e07d632d3e0d1a82e
md5 is available for download from
ftp://ftp.sco.com/pub/security/tools
5.3 Installing Fixed Binaries
Upgrade the affected binaries with the following sequence:
Download p533178.image to the /var/spool/pkg directory.
# pkgadd -d /var/spool/pkg/p533178.image
6. References
Specific references for this advisory:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3903
SCO security resources:
http://www.sco.com/support/security/index.html
SCO security advisories via email
http://www.sco.com/support/forums/security.html
This security fix closes SCO incidents fz533178.
7. Disclaimer
SCO is not responsible for the misuse of any of the information
we provide on this website and/or through our security
advisories. Our advisories are a service to our customers
intended to promote secure installation and use of SCO
products.
8. Acknowledgments
SCO would like to thanks iDEFENSE for reporting this
vulnerability.
______________________________________________________________________________
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (UnixWare)
iD8DBQFDnZY7aqoBO7ipriERAjY6AJ9MLLNx6UYHYSyp1rpxhjPCW9sgTgCgq3tG
kR/xECcQlsYY2m5dJSxh/G4=
=jDrc
- -----END PGP SIGNATURE-----