[Full-disclosure] SCOSA-2005.59 OpenServer 5.0.7 OpenServer 6.0.0 : Gzip Multiple Vulnerabilities
- To: security-announce@xxxxxxxxxxxx
- Subject: [Full-disclosure] SCOSA-2005.59 OpenServer 5.0.7 OpenServer 6.0.0 : Gzip Multiple Vulnerabilities
- From: security@xxxxxxx
- Date: Fri, 16 Dec 2005 18:01:45 -0500 (EST)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
SCO Security Advisory

Subject:         OpenServer 5.0.7 OpenServer 6.0.0 : Gzip Multiple Vulnerabilities
Advisory number: SCOSA-2005.59
Issue date:      2005 December 16
Cross reference: sr864726 erg712907 fz532854 sr864725 erg712906 fz532855
                 CVE-2005-0758 CVE-2005-0988 CVE-2005-1228
______________________________________________________________________________

1. Problem Description

    zgrep in gzip does not properly sanitize arguments, which allows
    local users to execute arbitrary commands via filenames that are
    injected into a sed script.

    The Common Vulnerabilities and Exposures project (cve.mitre.org)
    has assigned the name CVE-2005-0758 to this issue.

    Race condition in gzip, when decompressing a gzipped file,
    allows local users to modify permissions of arbitrary files via
    a hard link attack on a file while it is being decompressed,
    whose permissions are changed by gzip after the decompression is
    complete.

    The Common Vulnerabilities and Exposures project (cve.mitre.org)
    has assigned the name CVE-2005-0988 to this issue.

    Directory traversal vulnerability in gunzip -N allows remote
    attackers to write to arbitrary directories via a .. (dot dot)
    in the original filename within a compressed file.

    The Common Vulnerabilities and Exposures project (cve.mitre.org)
    has assigned the name CVE-2005-1228 to this issue.

2. Vulnerable Supported Versions

    System                  Binaries
    ----------------------------------------------------------------------
    OpenServer 5.0.7        gzip distribution
    OpenServer 6.0.0        gzip distribution

3. Solution

    The proper solution is to install the latest packages.

4. OpenServer 5.0.7

    4.1 Location of Fixed Binaries

    The fixes are only available in SCO OpenServer Release 5.0.7
    Maintenance Pack 4 or later.

    ftp://ftp.sco.com/pub/openserver5/507/mp/osr507mp4/osr507mp4_vol.tar

    4.2 Verification

    MD5 (osr507mp4_vol.tar) = 4c87d840ff5b43221258547d19030228

    md5 is available for download from
        ftp://ftp.sco.com/pub/security/tools

    4.3 Installing Fixed Binaries

    See the SCO OpenServer Release 5.0.7 Maintenance Pack 4 Release
    and Installation Notes:

    ftp://ftp.sco.com/pub/openserver5/507/mp/osr507mp4/osr507mp4.htm

5. OpenServer 6.0.0

    5.1 Location of Fixed Binaries

    ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.59

    5.2 Verification

    MD5 (VOL.000.000) = 2f882aed13d5d0386880fad4f0ee8860

    md5 is available for download from
        ftp://ftp.sco.com/pub/security/tools

    5.3 Installing Fixed Binaries

    Upgrade the affected binaries with the following sequence:

    1) Download the VOL* files to a directory.

    2) Run the custom command, specify an install
       from media images, and specify the directory as
       the location of the images.

6. References

    Specific references for this advisory:
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0758
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0988
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1228
        http://secunia.com/advisories/15047
        http://www.securityfocus.com/bid/12996
        http://xforce.iss.net/xforce/xfdb/20199

    SCO security resources:
        http://www.sco.com/support/security/index.html

    SCO security advisories via email
        http://www.sco.com/support/forums/security.html

    This security fix closes SCO incidents sr864726 erg712907
    fz532854 sr864725 erg712906 fz532855.

7. Disclaimer

    SCO is not responsible for the misuse of any of the information
    we provide on this website and/or through our security
    advisories. Our advisories are a service to our customers
    intended to promote secure installation and use of SCO
    products.
______________________________________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (UnixWare)
iD8DBQFDo0QsaqoBO7ipriERAiD7AJ9uMkNTFe+HMx1knQGlNXAbxT+wagCfUtMO
lkaSesgOnhrzol2tEWkeBDM=
=uGJ7
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
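
Added example (not part of the SCO advisory and not gzip's own code): a pre-extraction check on the original-filename field that gunzip -N restores, the input behind CVE-2005-1228 in section 1. The function names and sample members are constructed for illustration; the header layout follows RFC 1952.

```python
import struct
import zlib

FEXTRA, FNAME = 0x04, 0x08  # FLG bits defined in RFC 1952


def stored_name(data: bytes):
    """Return the original filename stored in a gzip header, or None."""
    if len(data) < 10 or data[:2] != b"\x1f\x8b" or data[2] != 8:
        raise ValueError("not a deflate-compressed gzip stream")
    flags, pos = data[3], 10          # fixed header is 10 bytes long
    if flags & FEXTRA:                # optional extra field precedes FNAME
        if len(data) < pos + 2:
            raise ValueError("truncated extra field")
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if not flags & FNAME:
        return None
    end = data.find(b"\x00", pos)     # FNAME is NUL-terminated Latin-1
    if end < 0:
        raise ValueError("unterminated or truncated filename")
    return data[pos:end].decode("latin-1")


def is_unsafe_name(name: str) -> bool:
    """True if restoring this name verbatim could leave the target directory."""
    # Any separator allows "../" components or an absolute path; backslash
    # is flagged conservatively for extractors on non-Unix systems.
    return name in ("", ".", "..") or "/" in name or "\\" in name


def make_sample(name: bytes, payload: bytes, extra: bytes = b"") -> bytes:
    """Build a constructed gzip member for testing the check offline."""
    flags = FNAME | (FEXTRA if extra else 0)
    head = struct.pack("<2sBBIBB", b"\x1f\x8b", 8, flags, 0, 0, 3)
    if extra:
        head += struct.pack("<H", len(extra)) + extra
    comp = zlib.compressobj(wbits=-15)            # raw deflate, no zlib header
    body = comp.compress(payload) + comp.flush()
    trailer = struct.pack("<II", zlib.crc32(payload), len(payload))
    return head + name + b"\x00" + body + trailer


if __name__ == "__main__":
    for sample in (b"report.txt", b"../../tmp/report.txt"):   # constructed names
        name = stored_name(make_sample(sample, b"example payload"))
        print(f"{name!r}: {'REJECT' if is_unsafe_name(name) else 'ok'}")
```

A file that fails the check can still be unpacked safely without -N, or to standard output, so the stored name is never used as a path.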