[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Full-disclosure] SCOSA-2006.22 UnixWare 7.1.3 UnixWare 7.1.4 : X Server Arbitrary Code Execution
- To: security-announce@xxxxxxxxxxxx
- Subject: [Full-disclosure] SCOSA-2006.22 UnixWare 7.1.3 UnixWare 7.1.4 : X Server Arbitrary Code Execution
- From: SCO Security Advisories <security@xxxxxxx>
- Date: Fri, 21 Apr 2006 14:37:15 -0700
--
Dr. Ronald Joe Record
SCO Security Officer
rr@xxxxxxx
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
SCO Security Advisory
Subject: UnixWare 7.1.3 UnixWare 7.1.4 : X Server Arbitrary Code
Execution Vulnerability
Advisory number: SCOSA-2006.22
Issue date: 2006 April 21
Cross reference: fz532989
CVE-2005-2495
______________________________________________________________________________
1. Problem Description
Multiple X Window System server applications share code
that may contain a flaw in the memory allocation for large
pixmaps. The affected products include X server applications.
An integer overflow condition may result in a memory allocation
request returning an allocated region that is incorrectly
sized. The client may then be able to use the XDrawPoint()
and XGetImage() functions to read and write to arbitrary
locations in the X server's address space.
A malicious local authenticated attacker may be able to
execute arbitrary code with the privileges of the X server.
The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CVE-2005-2495 to
this issue.
2. Vulnerable Supported Versions
System Binaries
----------------------------------------------------------------------
UnixWare 7.1.3 xserver package
UnixWare 7.1.4 xserver package
3. Solution
The proper solution is to install the latest packages.
4. UnixWare 7.1.3
4.1 Location of Fixed Binaries
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.22
4.2 Verification
MD5 (p532989.713.image) = f0c513384ff2aebb2b1d172ddbb27a6b
md5 is available for download from
ftp://ftp.sco.com/pub/security/tools
4.3 Installing Fixed Binaries
Upgrade the affected binaries with the following sequence:
Download p532989.713.image to the /var/spool/pkg directory
# pkgadd -d /var/spool/pkg/p532989.713.image
5. UnixWare 7.1.4
5.1 Location of Fixed Binaries
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.22
5.2 Verification
MD5 (p532989.714.image) = 033d004c0aefa9f922d3aab971d8a801
md5 is available for download from
ftp://ftp.sco.com/pub/security/tools
5.3 Installing Fixed Binaries
Upgrade the affected binaries with the following sequence:
Download p532989.714.image to the /var/spool/pkg directory
# pkgadd -d /var/spool/pkg/p532989.714.image
6. References
Specific references for this advisory:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2495
http://www.kb.cert.org/vuls/id/102441
https://bugs.freedesktop.org/show_bug.cgi?id=594
http://secunia.com/advisories/16790/
http://secunia.com/advisories/16777/
SCO security resources:
http://www.sco.com/support/security/index.html
SCO security advisories via email
http://www.sco.com/support/forums/security.html
This security fix closes SCO incidents fz532989.
7. Disclaimer
SCO is not responsible for the misuse of any of the information
we provide on this website and/or through our security
advisories. Our advisories are a service to our customers intended
to promote secure installation and use of SCO products.
8. Acknowledgments
Thanks to Luke Hutchison and Søren Sandmann Pedersen for reporting
this vulnerability.
______________________________________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (SCO_SV)
iD8DBQFESUBSaqoBO7ipriERAtCfAJ9lnTqRHiZ5/tNxA2+9TP4YFaEWRgCeIpJ/
nCmIhZDLEc3hFHaNZaDXV8c=
=+ecN
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/