Skip Navigation

  • Home
  • Contact us
  • FAQ
  • Glossary
  • Public key
  • Sitemap
  • Cymraeg
  • What's new
CPNI - Centre for the Protection of National Infastructure

Advanced search

  • About CPNI
  • The threats
  • Security planning
  • Methods of attack
  • Protecting your assets
  • Products and services
    • CSIRTUK advisories
      • Advisories archive
    • General protective security publications
    • InfoSec briefings
    • InfoSec technical notes
    • InfoSec vulnerability disclosures
    • Good practice guidelines
    • Viewpoints
    • Information exchanges
    • Risk Management Delivery Group
  • Research
Home > Products and services > CSIRTUK advisories > Advisories archive > December 2005 > Three SCO Security Advisories

December 2005

Three SCO Security Advisories

ID: 01104
Ref: 1036/2005
Date: 15 December 2005:12:12:03
Version: 1
Title: Three SCO Security Advisories
Abstract:
Vendors affected: SCO
Operating systems affected: SCO
Applications affected: SCO
Title
=====

Three SCO Security Advisories:

1. SCOSA-2005.55 UnixWare 7.1.3 UnixWare 7.1.4 : Lynx Command Injection
Vulnerability

2. SCOSA-2005.56 UnixWare 7.1.3 UnixWare 7.1.4 : Xloadimage NIFF Image
Title Handling Buffer Overflow Vulnerability

3. SCOSA-2005.57 UnixWare 7.1.3 UnixWare 7.1.4 : LibXpm Integer Overflow
Vulnerability

Detail
======

1. Remote exploitation of a command injection vulnerability could
allow attackers to execute arbitrary commands with the
privileges of the underlying user.

2. A buffer overflow in xloadimage, might allow user-complicit
attackers to execute arbitrary code via a long title name in a
NIFF file, which triggers the overflow during (1) zoom, (2)
reduce, or (3) rotate operations.

3. An integer overflow vulnerability in libXpm can be exploited by
a remote user to cause arbitrary code to be executed


1.


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

______________________________________________________________________________

SCO Security Advisory

Subject: UnixWare 7.1.3 UnixWare 7.1.4 : Lynx Command Injection Vulnerability
Advisory number: SCOSA-2005.55
Issue date: 2005 December 14
Cross reference: fz533314
CVE-2005-2929

______________________________________________________________________________


1. Problem Description

Remote exploitation of a command injection vulnerability could
allow attackers to execute arbitrary commands with the
privileges of the underlying user.

The problem specifically exists within the feature to execute
local cgi-bin programs via the "lynxcgi:" URI handler. The
handler is generally intended to be restricted to a specific
directory or program(s). However, due to a configuration error
on multiple platforms, the default settings allow for arbitrary
websites to specify commands to run as the user running Lynx.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2005-2929 to this issue.


2. Vulnerable Supported Versions

System Binaries
----------------------------------------------------------------------
UnixWare 7.1.3 /usr/gnu/bin/lynx
UnixWare 7.1.4 /usr/gnu/bin/lynx


3. Solution

The proper solution is to install the latest packages.


4. UnixWare 7.1.3 and UnixWare 7.1.4

4.1 Location of Fixed Binaries

ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.55


4.2 Verification

MD5 (p533314.image) = 5f961a4297468def32fb81285bbed2fb

md5 is available for download from
ftp://ftp.sco.com/pub/security/tools


4.3 Installing Fixed Binaries

Upgrade the affected binaries with the following sequence:

Download p533314.image to the /var/spool/pkg directory.

# pkgadd -d /var/spool/pkg/p533314.image


5. References

Specific references for this advisory:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2929
http://securitytracker.com/id?1015195
http://www.idefense.com/application/poi/display?id=338&type=vulnerabilities
http://www.securityfocus.com/bid/15395

SCO security resources:
http://www.sco.com/support/security/index.html

SCO security advisories via email
http://www.sco.com/support/forums/security.html

This security fix closes SCO incidents fz533314.


6. Disclaimer

SCO is not responsible for the misuse of any of the information
we provide on this website and/or through our security
advisories. Our advisories are a service to our customers
intended to promote secure installation and use of SCO
products.

______________________________________________________________________________
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (UnixWare)

iD8DBQFDoD5/aqoBO7ipriERAu5XAJ0eLYbSUkNuMKHS0WFXQFCVLvy0XACgow5y
vbesaQnqepN2NpZ45isR5Zg=
=/0ET
- -----END PGP SIGNATURE-----


2.

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

______________________________________________________________________________

SCO Security Advisory

Subject: UnixWare 7.1.3 UnixWare 7.1.4 : Xloadimage NIFF Image Title
Handling Buffer Overflow Vulnerability
Advisory number: SCOSA-2005.56
Issue date: 2005 December 14
Cross reference: fz533253
CVE-2005-3178
______________________________________________________________________________


1. Problem Description

A buffer overflow in xloadimage, might allow user-complicit
attackers to execute arbitrary code via a long title name in a
NIFF file, which triggers the overflow during (1) zoom, (2)
reduce, or (3) rotate operations.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2005-3178 to this issue.


2. Vulnerable Supported Versions

System Binaries
----------------------------------------------------------------------
UnixWare 7.1.3 /usr/X/bin/xloadimage
UnixWare 7.1.4 /usr/X/bin/xloadimage


3. Solution

The proper solution is to install the latest packages.


4. UnixWare 7.1.3 and UnixWare 7.1.4

4.1 Location of Fixed Binaries

ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.56


4.2 Verification

MD5 (p533253.image) = 43902213db833db30b33ca9b84b08394

md5 is available for download from
ftp://ftp.sco.com/pub/security/tools


4.3 Installing Fixed Binaries

Upgrade the affected binaries with the following sequence:

Download p533253.image to the /var/spool/pkg directory.

# pkgadd -d /var/spool/pkg/p533253.image


5. References

Specific references for this advisory:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3178
http://secunia.com/advisories/17087
http://securitytracker.com/id?1015072
http://www.securityfocus.com/bid/15051

SCO security resources:
http://www.sco.com/support/security/index.html

SCO security advisories via email
http://www.sco.com/support/forums/security.html

This security fix closes SCO incidents fz533253.


6. Disclaimer

SCO is not responsible for the misuse of any of the information
we provide on this website and/or through our security
advisories. Our advisories are a service to our customers
intended to promote secure installation and use of SCO
products.


7. Acknowledgments

SCO would like to thank Ariel Berkman for reporting this
vulnerability.

______________________________________________________________________________
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (UnixWare)

iD8DBQFDoD5baqoBO7ipriERAs+GAKCaV7V6sPMd+SU8wyueTl+6fCRKzQCfaW/X
3m5pTykcV+CTGRlc2czFagM=
=k+bm
- -----END PGP SIGNATURE-----


3.

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

______________________________________________________________________________

SCO Security Advisory

Subject: UnixWare 7.1.3 UnixWare 7.1.4 : LibXpm Integer Overflow Vulnerability
Advisory number: SCOSA-2005.57
Issue date: 2005 December 14
Cross reference: fz533161
CVE-2005-0605

______________________________________________________________________________


1. Problem Description

An integer overflow vulnerability in libXpm can be exploited by
a remote user to cause arbitrary code to be executed.

The 'scan.c' code does not properly validate user-supplied data
contained in image files. A remote user can create a specially
crafted image file that, when processed by the target user or
application, will trigger the overflow and execute arbitrary
code.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2005-0605 to this issue.


2. Vulnerable Supported Versions

System Binaries
----------------------------------------------------------------------
UnixWare 7.1.3 /usr/X/lib/libXm.so.1.3
UnixWare 7.1.4 /usr/X/lib/libXm.so.1.3


3. Solution

The proper solution is to install the latest packages.


4. UnixWare 7.1.3 and UnixWare 7.1.4

4.1 Location of Fixed Binaries

ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.57


4.2 Verification

MD5 (p533161.image) = 6f62070f68f163ebd382a13f12cde865

md5 is available for download from
ftp://ftp.sco.com/pub/security/tools


4.3 Installing Fixed Binaries

Upgrade the affected binaries with the following sequence:

Download p533161.image to the /var/spool/pkg directory.

# pkgadd -d /var/spool/pkg/p533161.image


5. References

Specific references for this advisory:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0605
http://securitytracker.com/id?1013339
http://www.securityfocus.com/bid/12714
https://bugs.freedesktop.org/attachment.cgi?id=1909

SCO security resources:
http://www.sco.com/support/security/index.html

SCO security advisories via email
http://www.sco.com/support/forums/security.html

This security fix closes SCO incidents fz533161.


6. Disclaimer

SCO is not responsible for the misuse of any of the information
we provide on this website and/or through our security
advisories. Our advisories are a service to our customers
intended to promote secure installation and use of SCO
products.

______________________________________________________________________________
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (UnixWare)

iD8DBQFDoEj/aqoBO7ipriERAtDYAKCnw33otb2IwyGYN+yAk+6UeXWm5QCePOGV
X9vfRbTzt181EzJ4IC80FJY=
=G+Fe
- -----END PGP SIGNATURE-----
  • Accessibility |
  • Terms and conditions |
  • Privacy statement |
  • Data protection act |
  • Freedom of information |