From security@sco.com Fri Nov 7 15:43:19 2003 From: security@sco.com To: announce@lists.caldera.com, bugtraq@securityfocus.com, full-disclosure@lists.netsys.com Date: Fri, 7 Nov 2003 10:54:09 -0800 Reply-To: please_reply_to_security@sco.com Subject: OpenServer 5.0.7 OpenServer 5.0.6 OpenServer 5.0.5 : Various Apache security fixes To: announce@lists.caldera.com bugtraq@securityfocus.com full-disclosure@lists.netsys.com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ______________________________________________________________________________ SCO Security Advisory Subject: OpenServer 5.0.7 OpenServer 5.0.6 OpenServer 5.0.5 : Various Apache security fixes Advisory number: CSSA-2003-SCO.28 Issue date: 2003 November 06 Cross reference: sr875660 fz527514 erg712258 sr886043 fz528422 erg712464 sr886994 fz528484 erg712486 sr886997 fz528487 erg712489 sr879164 fz527929 erg712354 CAN-2003-0192 CAN-2003-0542 CAN-2002-1396 CAN-2003-0166 CAN-2003-0442 ______________________________________________________________________________ 1. Problem Description The issues are: CAN-2003-0192 Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache 1.3, do not properly handle "certain sequences of per- directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one," which could cause Apache to use the weak ciphersuite. CAN-2003-0542 Apache 2.0.48 addresses two security vulnerabilities, one of which is a buffer overflow in mod_alias and mod_rewrite. A buffer overflow could occur in mod_alias and mod_rewrite when a regular expression with more than 9 captures is configured. CAN-2002-1396 Heap-based buffer overflow in the wordwrap function in PHP after 4.1.2 and before 4.3.0 may allow attackers to cause a denial of service or execute arbitrary code. CAN-2003-0166 Integer signedness error in emalloc() function for PHP before 4.3.2 allow remote attackers to cause a denial of service (memory consumption) and possibly execute arbitrary code via negative arguments to functions such as (1) socket_recv, (2) socket_recvfrom, and possibly other functions. CAN-2003-0442 Cross-site scripting(XSS) vulnerability in the transparent SID support capability for PHP before 4.3.2 (session.use_trans_sid) allows remote attackers to insert arbitrary script via the PHPSESSID parameter. 2. Vulnerable Supported Versions System Binaries ---------------------------------------------------------------------- OpenServer 5.0.7 Apache distribution OpenServer 5.0.6 Apache distribution OpenServer 5.0.5 Apache distribution 3. Solution The proper solution is to install the latest packages. 4. OpenServer 5.0.7 4.1 First install Maintenance Pack 1 ftp://ftp.sco.com/pub/openserver5/507/osr507mp/ 4.2 Next install the new gwxlibs-1.3.2Ag ftp://ftp.sco.com/pub/updates/OpenServer/CSSA-2003-SCO.29 4.3 Next install the new perl-5.8.1Ab ftp://ftp.sco.com/pub/updates/OpenServer/CSSA-2003-SCO.30 4.4 Location of Fixed Binaries ftp://ftp.sco.com/pub/updates/OpenServer/CSSA-2003-SCO.28 4.5 Verification MD5 (VOL.000.000) = 7f1991a2e20b51f0482a88a3d9cfd199 MD5 (VOL.000.001) = 046230a639d155e8e977d68d3aa9bfd7 MD5 (VOL.000.002) = 4813b72228a7796608a27835eafefbf7 MD5 (VOL.000.003) = 2fd98496393cdae1ad726d9534b5ff4e MD5 (VOL.000.004) = c5043af48ab75e70bdf2b836ef0a8195 MD5 (VOL.000.005) = d1f627721494b2dcf50f4b90acb7d52a MD5 (VOL.000.006) = 57ee69d863d14a93b1afa7c3bc81f901 MD5 (VOL.000.007) = 2066d39463d5d085706e1d1e6388a76a MD5 (VOL.000.008) = 77549fb84fac4040d113867f4ee9725b md5 is available for download from ftp://ftp.sco.com/pub/security/tools 4.6 Installing Fixed Binaries Upgrade the affected binaries with the following sequence: 1) Download the VOL* files to the /tmp directory 2) Run the custom command, specify an install from media images, and specify the /tmp directory as the location of the images. 5. OpenServer 5.0.6 / OpenServer 5.0.5 5.1 First install OSS646B - Execution Environment Supplement ftp://ftp.sco.com/pub/openserver5/oss646b 5.2 Next install the new gwxlibs-1.3.2Ag ftp://ftp.sco.com/pub/updates/OpenServer/CSSA-2003-SCO.29 5.3 Next install the new perl-5.8.1Ab ftp://ftp.sco.com/pub/updates/OpenServer/CSSA-2003-SCO.30 5.4 Location of Fixed Binaries ftp://ftp.sco.com/pub/updates/OpenServer/CSSA-2003-SCO.28 5.5 Verification MD5 (VOL.000.000) = 7f1991a2e20b51f0482a88a3d9cfd199 MD5 (VOL.000.001) = 046230a639d155e8e977d68d3aa9bfd7 MD5 (VOL.000.002) = 4813b72228a7796608a27835eafefbf7 MD5 (VOL.000.003) = 2fd98496393cdae1ad726d9534b5ff4e MD5 (VOL.000.004) = c5043af48ab75e70bdf2b836ef0a8195 MD5 (VOL.000.005) = d1f627721494b2dcf50f4b90acb7d52a MD5 (VOL.000.006) = 57ee69d863d14a93b1afa7c3bc81f901 MD5 (VOL.000.007) = 2066d39463d5d085706e1d1e6388a76a MD5 (VOL.000.008) = 77549fb84fac4040d113867f4ee9725b md5 is available for download from ftp://ftp.sco.com/pub/security/tools 5.6 Installing Fixed Binaries Upgrade the affected binaries with the following sequence: 1) Download the VOL* files to the /tmp directory 2) Run the custom command, specify an install from media images, and specify the /tmp directory as the location of the images. 6. References Specific references for this advisory: http://www.apache.org/dist/httpd/Announcement2.html http://www.securityfocus.com/archive/1/342674 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0192 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0542 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1396 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0166 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0442 SCO security resources: http://www.sco.com/support/security/index.html This security fix closes SCO incidents sr875660 fz527514 erg712258 sr886043 fz528422 erg712464 sr886994 fz528484 erg712486 sr886997 fz528487 erg712489 sr879164 fz527929 erg712354. 7. Disclaimer SCO is not responsible for the misuse of any of the information we provide on this website and/or through our security advisories. Our advisories are a service to our customers intended to promote secure installation and use of SCO products. ______________________________________________________________________________ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (SCO/UNIX_SVR5) iD8DBQE/qv/AaqoBO7ipriERAoMjAJ0eve/LJKnOKjek9TsS/OZQ4BJwyACcDN9V v18c+3vKdYBaOb9Xe9/WgjA= =MgSi -----END PGP SIGNATURE-----