[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Full-disclosure] SCOSA-2005.47 UnixWare 7.1.3 UnixWare 7.1.4 : Lynx NNTP Buffer Overflow Vulnerability
- To: security-announce@xxxxxxxxxxxx
- Subject: [Full-disclosure] SCOSA-2005.47 UnixWare 7.1.3 UnixWare 7.1.4 : Lynx NNTP Buffer Overflow Vulnerability
- From: security@xxxxxxx
- Date: Tue, 8 Nov 2005 14:20:47 -0500 (EST)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
SCO Security Advisory
Subject: UnixWare 7.1.3 UnixWare 7.1.4 : Lynx NNTP Buffer
Overflow Vulnerability
Advisory number: SCOSA-2005.47
Issue date: 2005 November 08
Cross reference: fz533159
CVE-2005-3120
______________________________________________________________________________
1. Problem Description
Ulf Harnhammar has reported a vulnerability in Lynx, which can
be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to a boundary error in the
"HTrjis()" function in the handling of article headers sent from
NNTP (Network News Transfer Protocol) servers. This can be
exploited to cause a stack-based buffer overflow by e.g.
tricking a user into visiting a malicious web site which
redirects to a malicious NNTP server via the "nntp:"; URI
handler.
Successful exploitation allows execution of arbitrary code.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2005-3120 to this issue.
2. Vulnerable Supported Versions
System Binaries
----------------------------------------------------------------------
UnixWare 7.1.3 /usr/gnu/bin/lynx
UnixWare 7.1.4 /usr/gnu/bin/lynx
3. Solution
The proper solution is to install the latest packages.
4. UnixWare 7.1.3
4.1 Location of Fixed Binaries
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.47
4.2 Verification
MD5 (p533159.image) = bc3fd8c36aea096b7ed75a2f27950b1e
md5 is available for download from
ftp://ftp.sco.com/pub/security/tools
4.3 Installing Fixed Binaries
Upgrade the affected binaries with the following sequence:
Download p533159.image to the /var/spool/pkg directory
# pkgadd -d /var/spool/pkg/p533159.image
5. UnixWare 7.1.4
5.1 Location of Fixed Binaries
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.47
5.2 Verification
MD5 (p533159.image) = bc3fd8c36aea096b7ed75a2f27950b1e
md5 is available for download from
ftp://ftp.sco.com/pub/security/tools
5.3 Installing Fixed Binaries
Upgrade the affected binaries with the following sequence:
Download p533159.image to the /var/spool/pkg directory
# pkgadd -d /var/spool/pkg/p533159.image
6. References
Specific references for this advisory:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3120
http://lists.grok.org.uk/pipermail/full-disclosure/2005-October/038019.html
http://securitytracker.com/id?1015065
http://secunia.com/advisories/17216
SCO security resources:
http://www.sco.com/support/security/index.html
SCO security advisories via email
http://www.sco.com/support/forums/security.html
This security fix closes SCO incident fz533159.
7. Disclaimer
SCO is not responsible for the misuse of any of the information
we provide on this website and/or through our security
advisories. Our advisories are a service to our customers
intended to promote secure installation and use of SCO
products.
8. Acknowledgments
SCO would like to thank Ulf Harnhammar for reporting this
vulnerability.
______________________________________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (UnixWare)
iD8DBQFDcPYVaqoBO7ipriERAjoRAJ0U1Ik6iVjuCU2XFRAAiJ1k157D8gCeOXw6
+lnmbCl8lvRH/GYwLg2saLE=
=g4hZ
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/