January 2006
SCO Security Advisories
ID: 00049
Ref: 48/2006
Date: 16 January 2006:11:43:53
Version: 1
Title: SCO Security Advisories
Abstract: OpenServer 5.0.7 OpenServer 6.0.0 : REVISED Lynx Multiple Vulnerabilities OpenServer 5.0.6 OpenServer 5.0.7 OpenServer 6.0.0 : GTK+ gdk-pixbuf XPM Loader Heap Overflow Vulnerability
Vendors affected: SCO
Operating systems affected: SCO
Applications affected: SCO
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
SCO Security Advisory
Subject: OpenServer 5.0.7 OpenServer 6.0.0 : REVISED Lynx Multiple Vulnerabilities
Advisory number: SCOSA-2006.7.1
Issue date: 2006 January 13
Cross reference: SCOSA-2006.7
fz533159 fz533314
CVE-2005-2929 CVE-2005-3120
______________________________________________________________________________
1. Revision Note
This is a revision of the SCOSA-2006.7 security advisory.
The -justify option was mistakenly dropped. This option is now
reinstated. Additionally lynx has been updated to version
2.8.5dev.8.
2. Problem Description
Lynx NNTP Buffer Overflow Vulnerability:
Ulf Harnhammar has reported a vulnerability in Lynx, which can
be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to a boundary error in the
"HTrjis()" function in the handling of article headers sent from
NNTP (Network News Transfer Protocol) servers. This can be
exploited to cause a stack-based buffer overflow by e.g.
tricking a user into visiting a malicious web site which
redirects to a malicious NNTP server via the "nntp:" URI
handler.
Successful exploitation allows execution of arbitrary code.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2005-3120 to this issue.
Lynx Command Injection Vulnerability:
Remote exploitation of a command injection vulnerability could
allow attackers to execute arbitrary commands with the
privileges of the underlying user.
The problem specifically exists within the feature to execute
local cgi-bin programs via the "lynxcgi:" URI handler. The
handler is generally intended to be restricted to a specific
directory or program(s). However, due to a configuration error
on multiple platforms, the default settings allow for arbitrary
websites to specify commands to run as the user running Lynx.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2005-2929 to this issue.
3. Vulnerable Supported Versions
System Binaries
----------------------------------------------------------------------
OpenServer 5.0.7 /usr/bin/lynx
OpenServer 6.0.0 /usr/bin/lynx
4. Solution
The proper solution is to install the latest packages.
5. OpenServer 5.0.7
5.1 Location of Fixed Binaries
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.7.1
5.2 Verification
MD5 (p533159.507_vol.tar) = 6be99937d460b7efc822a7c3d59b7ecb
md5 is available for download from
ftp://ftp.sco.com/pub/security/tools
5.3 Installing Fixed Binaries
Upgrade the affected binaries with the following sequence:
1) Download p533159.507_vol.tar file to a directory.
2) Extract VOL* files.
# tar xvf p533159.507_vol.tar
3) Run the custom command, specify an install from media images,
and specify the directory as the location of the images.
6. OpenServer 6.0.0
6.1 Location of Fixed Binaries
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.7.1
6.2 Verification
MD5 (p533159.600_vol.tar) = 8a93a2fd7458aa8ad23e6695845a9441
md5 is available for download from
ftp://ftp.sco.com/pub/security/tools
6.3 Installing Fixed Binaries
Upgrade the affected binaries with the following sequence:
1) Download p533159.600_vol.tar file to a directory.
2) Extract VOL* files.
# tar xvf p533159.600_vol.tar
3) Run the custom command, specify an install from media images,
and specify the directory as the location of the images.
7. References
Specific references for this advisory:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2929
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3120
http://lists.grok.org.uk/pipermail/full-disclosure/2005-October/038019.html
http://secunia.com/advisories/17216
http://securitytracker.com/id?1015065
http://securitytracker.com/id?1015195
http://www.idefense.com/application/poi/display?id=338&type=vulnerabilities
http://www.securityfocus.com/bid/15395
SCO security resources:
http://www.sco.com/support/security/index.html
SCO security advisories via email
http://www.sco.com/support/forums/security.html
This security fix closes SCO incidents fz533159 fz533314.
8. Disclaimer
SCO is not responsible for the misuse of any of the information
we provide on this website and/or through our security
advisories. Our advisories are a service to our customers
intended to promote secure installation and use of SCO
products.
9. Acknowledgments
SCO would like to thank Ulf Harnhammar for reporting the NNTP
buffer overflow vulnerability.
______________________________________________________________________________
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (UnixWare)
iD8DBQFDyBLEaqoBO7ipriERAv3YAJ9yApgDfbXWeEyfMo918ffegqatrACfZK0F
npt99xWdNlpwbQBlbtDg5tE=
=NfiL
- -----END PGP SIGNATURE-----
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
SCO Security Advisory
Subject: OpenServer 5.0.6 OpenServer 5.0.7 OpenServer 6.0.0 : GTK+ gdk-pixbuf XPM Loader Heap Overflow Vulnerability
Advisory number: SCOSA-2006.8
Issue date: 2006 January 13
Cross reference: fz533256
CVE-2005-3186
______________________________________________________________________________
1. Problem Description
Integer overflow in the GTK+ gdk-pixbuf XPM image rendering
library in GTK+ allows attackers to execute arbitrary code via
an XPM file with a number of colors that causes insufficient
memory to be allocated, which leads to a heap-based buffer
overflow.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2005-3186 to this issue.
2. Vulnerable Supported Versions
System Binaries
----------------------------------------------------------------------
OpenServer 5.0.6 /usr/lib/gtk-2.0/2.4.0/loaders/libpixbufloader_xpm.so
OpenServer 5.0.7 /usr/lib/gtk-2.0/2.4.0/loaders/libpixbufloader_xpm.so
OpenServer 6.0.0 /osr5/usr/lib/gtk-2.0/2.4.0/loaders/libpixbufloader_xpm.so
/usr/lib/gtk-2.0/2.4.0/loaders/libpixbufloader_xpm.so
3. Solution
The proper solution is to install the latest packages.
4. OpenServer 5.0.6
4.1 Location of Fixed Binaries
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.8
4.2 Verification
MD5 (p533256.507_vol.tar) = e61c97d16e43e72f7b00a3892756e805
md5 is available for download from
ftp://ftp.sco.com/pub/security/tools
4.3 Installing Fixed Binaries
The following packages should be installed on your system before
you install this fix:
OSS646C:
ftp://ftp.sco.com/pub/openserver5/oss646c/
GWXLIBS version 2.1.0:
ftp://ftp.sco.com/pub/openserver5/opensrc/gwxlibs-2.1.0Ba/
Upgrade the affected binaries with the following sequence:
1) Download p533256.507_vol.tar file to a directory.
2) Extract VOL* files.
# tar xvf p533256.507_vol.tar
3) Run the custom command, specify an install from media images,
and specify the directory as the location of the images.
5. OpenServer 5.0.7
5.1 Location of Fixed Binaries
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.8
5.2 Verification
MD5 (p533256.507_vol.tar) = e61c97d16e43e72f7b00a3892756e805
md5 is available for download from
ftp://ftp.sco.com/pub/security/tools
5.3 Installing Fixed Binaries
The following package should be installed on your system before
you install this fix:
osr507mp4:
http://www.sco.com/support/update/download/release.php?rid=116
Upgrade the affected binaries with the following sequence:
1) Download p533256.507_vol.tar file to a directory.
2) Extract VOL* files.
# tar xvf p533256.507_vol.tar
3) Run the custom command, specify an install from media images,
and specify the directory as the location of the images.
6. OpenServer 6.0.0
6.1 Location of Fixed Binaries
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.8
6.2 Verification
MD5 (p533256.600_vol.tar) = ff1837fba28127fb647fd07cec2b9abf
md5 is available for download from
ftp://ftp.sco.com/pub/security/tools
6.3 Installing Fixed Binaries
Upgrade the affected binaries with the following sequence:
1) Download p533256.600_vol.tar file to a directory.
2) Extract VOL* files.
# tar xvf p533256.600_vol.tar
3) Run the custom command, specify an install from media images,
and specify the directory as the location of the images.
7. References
Specific references for this advisory:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3186
http://secunia.com/advisories/17522
http://securitytracker.com/id?1015216
http://www.frsirt.com/english/advisories/2005/2433
http://www.idefense.com/application/poi/display?id=339&type=vulnerabilities
http://www.securityfocus.com/bid/15435
SCO security resources:
http://www.sco.com/support/security/index.html
SCO security advisories via email
http://www.sco.com/support/forums/security.html
This security fix closes SCO incidents fz533256.
8. Disclaimer
SCO is not responsible for the misuse of any of the information
we provide on this website and/or through our security
advisories. Our advisories are a service to our customers
intended to promote secure installation and use of SCO
products.
______________________________________________________________________________
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (UnixWare)
iD8DBQFDx8qFaqoBO7ipriERAttIAJ4o2SJQ0ClPFSUt64h6qQjtWXSP8gCeL8p0
/sS0YV9ygYVzTRveExSI4uc=
=xIHD
- -----END PGP SIGNATURE-----