April 2006
Four SCO Security Advisories
ID: 00310
Ref: 306/2006
Date: 24 April 2006:13:53:20
Version: 1
Title: Four SCO Security Advisories
Abstract:
Vendors affected: SCO
Operating systems affected: SCO
Applications affected: SCO
Title
=====
Four SCO Security Advisories:
1. SCOSA-2006.19 - OpenServer 5.0.7 OpenServer 6.0.0 : GhostScript Insecure Temporary
File Creation Vulnerability
2. SCOSA-2006.20 OpenServer 5.0.7 OpenServer 6.0.0 : CUPS Multiple Buffer Overflow
Vulnerabilities
3. SCOSA-2006.21 UnixWare 7.1.4 : CUPS Multiple Buffer Overflow Vulnerabilities
4. SCOSA-2006.22 UnixWare 7.1.3 UnixWare 7.1.4 : X Server Arbitrary Code Execution
Detail
======
1. Ghostscript is affected by an insecure temporary file creation
vulnerability. This issue is likely due to a design error
that causes the application to fail to verify the existence
of a file before writing to it.
2. Some vulnerabilities have been reported in CUPS, which can
be exploited by malicious people to cause a DoS (Denial of
Service) and potentially to compromise a vulnerable system.
3. Some vulnerabilities have been reported in CUPS, which can
be exploited by malicious people to cause a DoS (Denial of
Service) and potentially to compromise a vulnerable system.
4. Multiple X Window System server applications share code
that may contain a flaw in the memory allocation for large
pixmaps. The affected products include X server applications.
1.
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
SCO Security Advisory
Subject: OpenServer 5.0.7 OpenServer 6.0.0 : GhostScript Insecure Temporary
File Creation Vulnerability
Advisory number: SCOSA-2006.19
Issue date: 2006 April 11
Cross reference: fz533156
CVE-2004-0967
______________________________________________________________________________
1. Problem Description
Ghostscript is affected by an insecure temporary file creation
vulnerability. This issue is likely due to a design error
that causes the application to fail to verify the existence
of a file before writing to it.
An attacker may leverage this issue to overwrite arbitrary
files with the privileges of an unsuspecting user that
activates the vulnerable application. Reportedly this issue
is unlikely to facilitate privilege escalation.
The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CVE-2004-0967 to
this issue.
2. Vulnerable Supported Versions
System Binaries
----------------------------------------------------------------------
OpenServer 5.0.7 Ghostscript package
OpenServer 6.0.0 Ghostscript package
3. Solution
The proper solution is to install the latest packages.
4. OpenServer 5.0.7
4.1 Location of Fixed Binaries
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.19
4.2 Verification
MD5 (p533156.507_vol.tar) = ae7c290a3b686c4bc01bdd0dc4adc1af
md5 is available for download from
ftp://ftp.sco.com/pub/security/tools
4.3 Installing Fixed Binaries
Upgrade the affected binaries with the following sequence:
1) Download p533156.507_vol.tar to a directory.
2) Extract VOL* files.
# tar xvf p533156.507_vol.tar
3) Run the custom command, specify an install
from media images, and specify the directory as
the location of the images.
5. OpenServer 6.0.0
5.1 Location of Fixed Binaries
ftp://ftp.sco.com/pub/openserver6/600/mp/osr600mp2/osr600mp2.iso
5.2 Verification
MD5 (osr600mp2.iso) = 7e560dcde374eb60df2b4a599ac20d8a
md5 is available for download from
ftp://ftp.sco.com/pub/security/tools
5.3 Installing Fixed Binaries
See the SCO OpenServer Release 6.0.0 Maintenance Pack 2 Release
and Installation Notes:
ftp://ftp.sco.com/pub/openserver6/600/mp/osr600mp2/osr600mp2.html
6. References
Specific references for this advisory:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0967
http://www.securityfocus.com/bid/11285/references
http://secunia.com/advisories/12903/
SCO security resources:
http://www.sco.com/support/security/index.html
SCO security advisories via email
http://www.sco.com/support/forums/security.html
This security fix closes SCO incidents fz533156.
7. Disclaimer
SCO is not responsible for the misuse of any of the information
we provide on this website and/or through our security
advisories. Our advisories are a service to our customers intended
to promote secure installation and use of SCO products.
8. Acknowledgments
Trustix security engineers are credited with the discovery of
this vulnerability.
______________________________________________________________________________
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (SCO_SV)
iD8DBQFERlx3aqoBO7ipriERAsWeAJ4uhzNaylgXpqAP9cY+Ce+gPAN/XgCfYzKg
W6DW022ARU40uLzbzj8gzV8=
=zQ8e
- -----END PGP SIGNATURE-----
2.
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
SCO Security Advisory
Subject: OpenServer 5.0.7 OpenServer 6.0.0 : CUPS Multiple Buffer Overflow Vulnerabilities
Advisory number: SCOSA-2006.20
Issue date: 2006 April 18
Cross reference: fz533446
CVE-2005-3191 CVE-2005-3192 CVE-2005-3193
______________________________________________________________________________
1. Problem Description
Some vulnerabilities have been reported in CUPS, which can
be exploited by malicious people to cause a DoS (Denial of
Service) and potentially to compromise a vulnerable system.
The vulnerabilities are caused due to the use of a vulnerable
version of Xpdf.
The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the names CVE-2005-3191,
CVE-2005-3192, and CVE-2005-3193 to these issues.
2. Vulnerable Supported Versions
System Binaries
----------------------------------------------------------------------
OpenServer 5.0.7 Cups package
OpenServer 6.0.0 Cups package
3. Solution
The proper solution is to install the latest packages.
4. OpenServer 5.0.7
4.1 Location of Fixed Binaries
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.20
4.2 Verification
MD5 (p533446.507_vol.tar) = 6150ddaec1548e98e543ae030b2c9de4
md5 is available for download from
ftp://ftp.sco.com/pub/security/tools
4.3 Installing Fixed Binaries
Upgrade the affected binaries with the following sequence:
1) Download p533446.507_vol.tar to a directory.
2) Extract VOL* files.
# tar xvf p533446.507_vol.tar
3) Run the custom command, specify an install
from media images, and specify the directory as
the location of the images.
5. OpenServer 6.0.0
5.1 Location of Fixed Binaries
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.20
5.2 Verification
MD5 (p533446.600_vol.tar) = c4e87cee43acf3e6a55d0416601c92a6
md5 is available for download from
ftp://ftp.sco.com/pub/security/tools
5.3 Installing Fixed Binaries
Upgrade the affected binaries with the following sequence:
1) Download p533446.600_vol.tar to a directory.
2) Extract VOL* files.
# tar xvf p533446.600_vol.tar
3) Run the custom command, specify an install
from media images, and specify the directory as
the location of the images.
6. References
Specific references for this advisory:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3191
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3192
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3193
http://secunia.com/advisories/17976/
SCO security resources:
http://www.sco.com/support/security/index.html
SCO security advisories via email
http://www.sco.com/support/forums/security.html
This security fix closes SCO incidents fz533446.
7. Disclaimer
SCO is not responsible for the misuse of any of the information
we provide on this website and/or through our security
advisories. Our advisories are a service to our customers intended
to promote secure installation and use of SCO products.
______________________________________________________________________________
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (SCO_SV)
iD8DBQFERVAUaqoBO7ipriERAoq6AJ4rV8/X01VWf+DQ33T4P4vVtDR5cwCfQiOP
09BcDpxsRtRb5saMVbPOsVs=
=TlR1
- -----END PGP SIGNATURE-----
3.
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
SCO Security Advisory
Subject: UnixWare 7.1.4 : CUPS Multiple Buffer Overflow Vulnerabilities
Advisory number: SCOSA-2006.21
Issue date: 2006 April 18
Cross reference: fz533446
CVE-2005-3191 CVE-2005-3192 CVE-2005-3193
______________________________________________________________________________
1. Problem Description
Some vulnerabilities have been reported in CUPS, which can
be exploited by malicious people to cause a DoS (Denial of
Service) and potentially to compromise a vulnerable system.
The vulnerabilities are caused due to the use of a vulnerable
version of Xpdf.
The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the names CVE-2005-3191,
CVE-2005-3192, and CVE-2005-3193 to these issues.
2. Vulnerable Supported Versions
System Binaries
----------------------------------------------------------------------
UnixWare 7.1.4 Cups package
3. Solution
The proper solution is to install the latest packages.
4. UnixWare 7.1.4
4.1 Location of Fixed Binaries
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.21
4.2 Verification
MD5 (p533446.714.image) = 1bbbd92df9260f0ac32cf27ad03b4532
md5 is available for download from
ftp://ftp.sco.com/pub/security/tools
4.3 Installing Fixed Binaries
Upgrade the affected binaries with the following sequence:
Download p533446.714.image to the /var/spool/pkg directory
# pkgadd -d /var/spool/pkg/p533446.714.image
5. References
Specific references for this advisory:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3191
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3192
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3193
http://secunia.com/advisories/17976/
SCO security resources:
http://www.sco.com/support/security/index.html
SCO security advisories via email
http://www.sco.com/support/forums/security.html
This security fix closes SCO incidents fz533446.
6. Disclaimer
SCO is not responsible for the misuse of any of the information
we provide on this website and/or through our security
advisories. Our advisories are a service to our customers intended
to promote secure installation and use of SCO products.
______________________________________________________________________________
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (SCO_SV)
iD8DBQFERlkmaqoBO7ipriERAk7zAJ0Q+vs/nCHC44LI9s1Am73hFqJacACfYkhQ
OwhdzIoyILAJA3ZkI1bpi/A=
=s7Zo
- -----END PGP SIGNATURE-----
4.
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
SCO Security Advisory
Subject: UnixWare 7.1.3 UnixWare 7.1.4 : X Server Arbitrary Code Execution Vulnerability
Advisory number: SCOSA-2006.22
Issue date: 2006 April 21
Cross reference: fz532989
CVE-2005-2495
______________________________________________________________________________
1. Problem Description
Multiple X Window System server applications share code
that may contain a flaw in the memory allocation for large
pixmaps. The affected products include X server applications.
An integer overflow condition may result in a memory allocation
request returning an allocated region that is incorrectly
sized. The client may then be able to use the XDrawPoint()
and XGetImage() functions to read and write to arbitrary
locations in the X server's address space.
A malicious local authenticated attacker may be able to
execute arbitrary code with the privileges of the X server.
The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CVE-2005-2495 to
this issue.
2. Vulnerable Supported Versions
System Binaries
----------------------------------------------------------------------
UnixWare 7.1.3 xserver package
UnixWare 7.1.4 xserver package
3. Solution
The proper solution is to install the latest packages.
4. UnixWare 7.1.3
4.1 Location of Fixed Binaries
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.22
4.2 Verification
MD5 (p532989.713.image) = f0c513384ff2aebb2b1d172ddbb27a6b
md5 is available for download from
ftp://ftp.sco.com/pub/security/tools
4.3 Installing Fixed Binaries
Upgrade the affected binaries with the following sequence:
Download p532989.713.image to the /var/spool/pkg directory
# pkgadd -d /var/spool/pkg/p532989.713.image
5. UnixWare 7.1.4
5.1 Location of Fixed Binaries
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.22
5.2 Verification
MD5 (p532989.714.image) = 033d004c0aefa9f922d3aab971d8a801
md5 is available for download from
ftp://ftp.sco.com/pub/security/tools
5.3 Installing Fixed Binaries
Upgrade the affected binaries with the following sequence:
Download p532989.714.image to the /var/spool/pkg directory
# pkgadd -d /var/spool/pkg/p532989.714.image
6. References
Specific references for this advisory:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2495
http://www.kb.cert.org/vuls/id/102441
https://bugs.freedesktop.org/show_bug.cgi?id=594
http://secunia.com/advisories/16790/
http://secunia.com/advisories/16777/
SCO security resources:
http://www.sco.com/support/security/index.html
SCO security advisories via email
http://www.sco.com/support/forums/security.html
This security fix closes SCO incidents fz532989.
7. Disclaimer
SCO is not responsible for the misuse of any of the information
we provide on this website and/or through our security
advisories. Our advisories are a service to our customers intended
to promote secure installation and use of SCO products.
8. Acknowledgments
Thanks to Luke Hutchison and Søren Sandmann Pedersen for reporting
this vulnerability.
______________________________________________________________________________
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (SCO_SV)
iD8DBQFESUBSaqoBO7ipriERAtCfAJ9lnTqRHiZ5/tNxA2+9TP4YFaEWRgCeIpJ/
nCmIhZDLEc3hFHaNZaDXV8c=
=+ecN
- -----END PGP SIGNATURE-----