[Full-disclosure] SCOSA-2005.54 UnixWare 7.1.3 UnixWare 7.1.4 : uidadmin Buffer Overflow Vulnerability
- To: security-announce@xxxxxxxxxxxx
- Subject: [Full-disclosure] SCOSA-2005.54 UnixWare 7.1.3 UnixWare 7.1.4 : uidadmin Buffer Overflow Vulnerability
- From: security@xxxxxxx
- Date: Mon, 12 Dec 2005 12:03:32 -0500 (EST)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
SCO Security Advisory
Subject: UnixWare 7.1.3 UnixWare 7.1.4 : uidadmin Buffer
Overflow Vulnerability
Advisory number: SCOSA-2005.54
Issue date: 2005 December 12
Cross reference: fz533178
CVE-2005-3903
______________________________________________________________________________
1. Problem Description
Local exploitation of a buffer overflow vulnerability in the
uidadmin binary allows attackers to gain root privileges.
Successful exploitation of this vulnerability requires that the
user have local access to the system. This would allow the user to
gain superuser privileges.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2005-3903 to this issue.
2. Vulnerable Supported Versions
System                  Binaries
----------------------------------------------------------------------
UnixWare 7.1.3          /usr/bin/uidadmin
UnixWare 7.1.4          /usr/bin/uidadmin
3. Solution
The proper solution is to install the latest packages.
4. UnixWare 7.1.3
4.1 Location of Fixed Binaries
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.54
4.2 Verification
MD5 (p533178.image) = 612805326316c16e07d632d3e0d1a82e
md5 is available for download from
ftp://ftp.sco.com/pub/security/tools
4.3 Installing Fixed Binaries
Upgrade the affected binaries with the following sequence:
Download p533178.image to the /var/spool/pkg directory.
# pkgadd -d /var/spool/pkg/p533178.image
Note that UnixWare 7.1.3 Maintenance Pack 5 is required to
be installed before you can install this package.
5. UnixWare 7.1.4
5.1 Location of Fixed Binaries
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.54
5.2 Verification
MD5 (p533178.image) = 612805326316c16e07d632d3e0d1a82e
md5 is available for download from
ftp://ftp.sco.com/pub/security/tools
5.3 Installing Fixed Binaries
Upgrade the affected binaries with the following sequence:
Download p533178.image to the /var/spool/pkg directory.
# pkgadd -d /var/spool/pkg/p533178.image
6. References
Specific references for this advisory:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3903
SCO security resources:
http://www.sco.com/support/security/index.html
SCO security advisories via email:
http://www.sco.com/support/forums/security.html
This security fix closes SCO incident fz533178.
7. Disclaimer
SCO is not responsible for the misuse of any of the information
we provide on this website and/or through our security
advisories. Our advisories are a service to our customers
intended to promote secure installation and use of SCO
products.
8. Acknowledgments
SCO would like to thank iDEFENSE for reporting this
vulnerability.
______________________________________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (UnixWare)
iD8DBQFDnZY7aqoBO7ipriERAjY6AJ9MLLNx6UYHYSyp1rpxhjPCW9sgTgCgq3tG
kR/xECcQlsYY2m5dJSxh/G4=
=jDrc
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
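
Added example (not part of the SCO advisory): the Verification and Installing Fixed Binaries steps above combined so that pkgadd only runs when the image matches the advisory's MD5. It assumes a POSIX shell and either the md5 tool the advisory mentions or md5sum; the function names and the --install switch are hypothetical.

```shell
#!/bin/sh
# Values copied from SCOSA-2005.54 (sections 4.2/4.3 and 5.2/5.3).
EXPECTED_MD5=612805326316c16e07d632d3e0d1a82e
IMAGE=/var/spool/pkg/p533178.image

# Print the lowercase hex MD5 of a file with whichever tool is present.
# md5sum prints "<hash>  <file>"; md5 prints "MD5 (<file>) = <hash>",
# the format shown in the advisory.
md5_of() {
    if command -v md5sum >/dev/null 2>&1; then
        md5sum "$1" | awk '{print tolower($1)}'
    elif command -v md5 >/dev/null 2>&1; then
        md5 "$1" | awk '{print tolower($NF)}'
    else
        echo "no md5 tool found" >&2
        return 2
    fi
}

# Return 0 only if the file exists and its MD5 equals the expected value.
verify_image() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -f "$file" ] || { echo "missing: $file" >&2; return 1; }
    actual=$(md5_of "$file") || return 2
    if [ -n "$actual" ] && [ "$actual" = "$expected" ]; then
        return 0
    fi
    echo "MD5 mismatch for $file: got '$actual', expected '$expected'" >&2
    return 1
}

# Install the patch only after the checksum has been confirmed.
install_patch() {
    verify_image "$IMAGE" "$EXPECTED_MD5" && pkgadd -d "$IMAGE"
}

# Run as root on the UnixWare host with: sh <this script> --install
if [ "${1:-}" = "--install" ]; then
    install_patch
fi
```

The MD5 value is only as trustworthy as the copy of the advisory it was read from, so check the advisory's PGP signature before relying on it.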