From security@sco.com Thu Sep 25 04:24:14 2003 From: security@sco.com To: bugtraq@securityfocus.com, announce@lists.caldera.com, full-disclosure@lists.netsys.com Date: Tue, 23 Sep 2003 23:01:10 -0700 Reply-To: please_reply_to_security@sco.com Subject: [Full-Disclosure] OpenServer 5.0.7 OpenServer 5.0.6 OpenServer 5.0.5 : wu-ftpd fb_realpath() off-by-one bug To: bugtraq@securityfocus.com announce@lists.caldera.com full-disclosure@lists.netsys.com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ______________________________________________________________________________ SCO Security Advisory Subject: OpenServer 5.0.7 OpenServer 5.0.6 OpenServer 5.0.5 : wu-ftpd fb_realpath() off-by-one bug Advisory number: CSSA-2003-SCO.20 Issue date: 2003 September 18 Cross reference: sr882339 fz528115 erg712363 ______________________________________________________________________________ 1. Problem Description Wu-ftpd FTP server contains remotely exploitable off-by-one bug. A local or remote attacker could exploit this vulnerability to gain root privileges on a vulnerable system. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0466 to this issue. 2. Vulnerable Supported Versions System Binaries ---------------------------------------------------------------------- OpenServer 5.0.5 - 5.0.7 /etc/ftpd 3. Solution The proper solution is to install the latest packages. 4. OpenServer 5.0.7 4.1 Install Maintenance pack 1. 4.2 Location of Maintenance pack 1. ftp://ftp.sco.com/pub/openserver5/osr507mp/ 4.3 Installing Maintenance pack 1. Upgrade the affected binaries with the following sequence: 1) Download the VOL* files to the /tmp directory 2) Run the custom command, specify an install from media images, and specify the /tmp directory as the location of the images. 5. OpenServer 5.0.6 - 5.0.5 5.1 First, install: OSS646B - Execution Environment Supplement 5.2 Location of Fixed Binaries ftp://ftp.sco.com/pub/updates/OpenServer/CSSA-2003-SCO.20 5.3 Verification MD5 (VOL.000.000) = 7cde8ff3cf05658b054dae20f6620bcb md5 is available for download from ftp://ftp.sco.com/pub/security/tools 5.4 Installing Fixed Binaries Upgrade the affected binaries with the following sequence: 1) Download the VOL* files to the /tmp directory 2) Run the custom command, specify an install from media images, and specify the /tmp directory as the location of the images. 6. References Specific references for this advisory: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0466 http://isec.pl/vulnerabilities/isec-0011-wu-ftpd.txt http://www.ciac.org/ciac/bulletins/n-132.shtml SCO security resources: http://www.sco.com/support/security/index.html This security fix closes SCO incidents sr882339 fz528115 erg712363. 8. Disclaimer SCO is not responsible for the misuse of any of the information we provide on this website and/or through our security advisories. Our advisories are a service to our customers intended to promote secure installation and use of SCO products. 9. Acknowledgments SCO would like to thank Wojciech Purczynski and Janusz Niewiadomski for the advisory. ______________________________________________________________________________ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2-rc1-SuSE (GNU/Linux) iD8DBQE/bzTsaqoBO7ipriERAidHAJ4wpBW9J3GCPEwn6Mak9t5+XAZAwgCghQSs q7S5CxTJrBp2c0KqG+NM+Zw= =4pz6 -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html