March 2006

ID: 00253
Ref: 251/2006
Date: 30 March 2006:11:35:32
Version: 1

---

Title: SCO Security Advisory: SCOSA-2006.16 - UnixWare 7.1.4 : libcurl URL Parsing Vulnerability
Abstract:
Vendors affected: SCO
Operating systems affected: SCO
Applications affected: SCO

---

Title
=====

SCO Security Advisory: SCOSA-2006.16 - UnixWare 7.1.4 : libcurl URL Parsing Vulnerability

Detail
======

This vulnerability is caused due to an off-by-one error when parsing a URL that
is longer than 256 bytes. By using a specially crafted URL, a two-byte overflow
is reportedly possible. This may be exploited to corrupt memory allocation
structures. The vulnerability is reportedly exploitable only via a direct request to
cURL and not via a redirect. The vulnerability has been reported in version 7.15.0 and
prior.



- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

______________________________________________________________________________

SCO Security Advisory

Subject: UnixWare 7.1.4 : libcurl URL Parsing Vulnerability
Advisory number: SCOSA-2006.16
Issue date: 2006 March 28
Cross reference: fz533390
CVE-2005-4077
______________________________________________________________________________


1. Problem Description

This vulnerability is caused due to an off-by-one error
when parsing a URL that is longer than 256 bytes. By using
a specially crafted URL, a two-byte overflow is reportedly
possible. This may be exploited to corrupt memory allocation
structures. The vulnerability is reportedly exploitable
only via a direct request to cURL and not via a redirect.
The vulnerability has been reported in version 7.15.0 and
prior.

The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CVE-2005-4077 to
this issue.


2. Vulnerable Supported Versions

System Binaries
----------------------------------------------------------------------
UnixWare 7.1.4 The curl package


3. Solution

The proper solution is to install the latest packages.


4. UnixWare 7.1.4

4.1 Location of Fixed Binaries

ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.16


4.2 Verification

MD5 (curl-7.15.1.pkg) = 62f7076f2d1096e131dd0e9780ee15fd

md5 is available for download from
ftp://ftp.sco.com/pub/security/tools


4.3 Installing Fixed Binaries

Upgrade the affected binaries with the following sequence:

Download curl-7.15.1.pkg to the /var/spool/pkg directory

# pkgadd -d /var/spool/pkg/curl-7.15.1.pkg


5. References

Specific references for this advisory:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4077
http://www.hardened-php.net/advisory_242005.109.html
http://secunia.com/advisories/17907/

SCO security resources:
http://www.sco.com/support/security/index.html

SCO security advisories via email
http://www.sco.com/support/forums/security.html

This security fix closes SCO incidents fz533390.


6. Disclaimer

SCO is not responsible for the misuse of any of the information
we provide on this website and/or through our security
advisories. Our advisories are a service to our customers intended
to promote secure installation and use of SCO products.


7. Acknowledgments

Provided and/or discovered by: Stefan Esser, Hardened PHP Project.

______________________________________________________________________________
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (SCO_SV)

iD8DBQFEKdepaqoBO7ipriERAlsyAJ9sVkFxf4AbhIQ/vLh9NkoZbfNkbgCgqR5j
daTMqYraFNp/w0886giZpFc=
=pBhs
- -----END PGP SIGNATURE-----