CPNI - Centre for the Protection of National Infrastructure


June 2006

Two SCO Security Advisories SCOSA-2006.18.1; SCOSA-2006.25

ID: 00383
Ref: 375/06
Date: 01 June 2006:12:08:11
Version: 1

Title: Two SCO Security Advisories SCOSA-2006.18.1; SCOSA-2006.25
Abstract: 1. SCOSA-2006.18.1 UnixWare 7.1.4 : MySQL User-Defined Function Buffer Overflow Vulnerability 2. SCOSA-2006.25 OpenServer 6.0.0: Sendmail Arbitrary Code Execution Vulnerability
Vendors affected: SCO
Operating systems affected: SCO
Applications affected: SCO


1.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

______________________________________________________________________________

SCO Security Advisory

Subject: UnixWare 7.1.4 : MySQL User-Defined Function Buffer Overflow Vulnerability
Advisory number: SCOSA-2006.18.1
Issue date: 2006 May 25
Cross reference: fz533822 fz533383
CVE-2005-2558
______________________________________________________________________________


1. Problem Description

Stack-based buffer overflow in the init_syms function in
MySQL 4.0 before 4.0.25, 4.1 before 4.1.13, and 5.0 before
5.0.7-beta allows remote authenticated users who can create
user-defined functions to execute arbitrary code via a long
function_name field.

MySQL is prone to a buffer overflow vulnerability. This issue
is due to insufficient bounds checking of data supplied as
an argument in a user-defined function.

This issue could be exploited by a database user with
sufficient access to create a user-defined function. It may
also be possible to exploit this issue through latent SQL
injection vulnerabilities in third-party applications that
use the database as a backend.

Successful exploitation will result in execution of arbitrary
code in the context of the database server process.

The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CVE-2005-2558 to
this issue.


2. Vulnerable Supported Versions

System                  Binaries
----------------------------------------------------------------------
UnixWare 7.1.4          MySQL package


3. Solution

The proper solution is to install the latest packages.


4. UnixWare 7.1.4

4.1 Location of Fixed Binaries

ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.18.1


4.2 Verification

MD5 (MySQL-5.0.19-01.pkg) = ddeae36d8899addd8519460aaf769057

md5 is available for download from
ftp://ftp.sco.com/pub/security/tools


4.3 Installing Fixed Binaries

Upgrade the affected binaries with the following sequence:

Download MySQL-5.0.19-01.pkg to the /var/spool/pkg directory
Download README-MySQL-5.0.19-UW7 to the /tmp directory

View the MySQL 5.0.19-01 installation notes in the file
/tmp/README-MySQL-5.0.19-UW7

Install the MySQL 5.0.19-01 package with the command
# pkgadd -d /var/spool/pkg/MySQL-5.0.19-01.pkg


5. References

Specific references for this advisory:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2558
http://www.securityfocus.com/bid/14509

SCO security resources:
http://www.sco.com/support/security/index.html

SCO security advisories via email
http://www.sco.com/support/forums/security.html

This security fix closes SCO incidents fz533822 and fz533383.


6. Disclaimer

SCO is not responsible for the misuse of any of the information
we provide on this website and/or through our security
advisories. Our advisories are a service to our customers intended
to promote secure installation and use of SCO products.


7. Acknowledgments

Discovery of this vulnerability is credited to Reid Borsuk of
Application Security Inc. Tim Rice discovered the improper client
library symbolic links.

______________________________________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (SCO_SV)

iD8DBQFEddSPaqoBO7ipriERAm3mAJ4iKLESpoWgWtoE5xD0CvBb35Y2MgCdHyz1
0gfs61e+LaOWqpFY+A9U4TU=
=qriE
-----END PGP SIGNATURE-----


2.


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

______________________________________________________________________________


SCO Security Advisory


Subject: OpenServer 6.0.0: Sendmail Arbitrary Code Execution Vulnerability
Advisory number: SCOSA-2006.25
Issue date: 2006 May 30
Cross reference: fz533700
CVE-2006-0058
______________________________________________________________________________


1. Problem Description

Sendmail could allow a remote attacker to execute arbitrary code as
root, caused by a signal race vulnerability.

The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CVE-2006-0058 to
this issue.


2. Vulnerable Supported Versions

System                  Binaries
----------------------------------------------------------------------
OpenServer 6.0.0        sendmail
                        mailstats
                        praliases
                        rmail
                        smrsh
                        makemap


3. Solution

The proper solution is to install the latest packages.


4. OpenServer 6.0.0

4.1 Location of Fixed Binaries

ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.25


4.2 Verification

MD5 (p533700.600_vol.tar) = 398f2d470a02adf4c9e6b1dd546bde50

md5 is available for download from
ftp://ftp.sco.com/pub/security/tools


4.3 Installing Fixed Binaries

Upgrade the affected binaries with the following sequence:

1) Download p533700.600_vol.tar to a directory.

2) Extract VOL* files.

# tar xvf p533700.600_vol.tar

3) Run the custom command, specify an install
from media images, and specify the directory as
the location of the images.

5. References

Specific references for this advisory:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0058
http://www.securityfocus.com/archive/1/428536/100/0/threaded
http://www.sendmail.org/

SCO security resources:
http://www.sco.com/support/security/index.html

SCO security advisories via email
http://www.sco.com/support/forums/security.html

This security fix closes SCO incident fz533700.


6. Disclaimer

SCO is not responsible for the misuse of any of the information
we provide on this website and/or through our security
advisories. Our advisories are a service to our customers intended
to promote secure installation and use of SCO products.


7. Acknowledgments

Marc Bejarano is credited with the discovery of this vulnerability.


______________________________________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (SCO_SV)

iD8DBQFEfHaLaqoBO7ipriERAjgHAJwJWdpCI0Pb4wFUYiYj/8+OVCIttwCfdJNe
SSrTod2AJfbXui2OOsmp/L8=
=Bdad
-----END PGP SIGNATURE-----
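
The "4.2 Verification" and "4.3 Installing Fixed Binaries" steps of both advisories, as an added example that is not part of the SCO advisories or of this page: a script that reads the "MD5 (file) = digest" line from an advisory saved as a text file and refuses a download whose digest differs, to be run before pkgadd or custom. The function names and the saved-advisory file are assumptions of the example, as is the output format of the SCO md5 tool in the last fallback.

```shell
#!/bin/sh
# Added example: check a downloaded fix against the advisory's own
# "MD5 (file) = digest" line before pkgadd or custom is run.

# md5_of FILE: print the hex MD5 of FILE with whichever tool is installed.
md5_of() {
    if command -v md5sum >/dev/null 2>&1; then
        md5sum "$1" | awk '{print $1}'
    elif command -v openssl >/dev/null 2>&1; then
        openssl md5 "$1" | awk '{print $NF}'
    else
        md5 "$1" | awk '{print $NF}'   # assumed to print "MD5 (file) = digest"
    fi
}

# expected_md5 ADVISORY NAME: print the digest the advisory lists for NAME;
# exit status 1 if the advisory has no such line.
expected_md5() {
    awk -v name="$2" '
        $1 == "MD5" && $2 == ("(" name ")") && $3 == "=" {
            print tolower($4); found = 1; exit
        }
        END { exit !found }' "$1"
}

# verify_pkg ADVISORY FILE: 0 match, 1 mismatch, 2 cannot be checked.
verify_pkg() {
    adv=$1; pkg=$2; base=$(basename "$pkg")
    [ -r "$pkg" ] || { echo "unreadable: $pkg" >&2; return 2; }
    want=$(expected_md5 "$adv" "$base") || {
        echo "no MD5 line for $base in $adv" >&2; return 2; }
    case $want in *[!0-9a-f]*) want= ;; esac
    [ "${#want}" -eq 32 ] || { echo "malformed digest for $base" >&2; return 2; }
    got=$(md5_of "$pkg" | tr 'A-F' 'a-f')
    if [ "$got" = "$want" ]; then
        echo "OK: $base"; return 0
    fi
    echo "MISMATCH: $base (advisory $want, computed $got)" >&2
    return 1
}

# Usage: sh verify.sh advisory.txt /var/spool/pkg/MySQL-5.0.19-01.pkg
if [ "$#" -eq 2 ]; then
    verify_pkg "$1" "$2"
fi
```

The digest line is only as trustworthy as the advisory text it is read from, so check the clearsigned advisory with gpg --verify against SCO's key first; MD5 itself detects a corrupted or swapped download but is not collision-resistant.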