From security@sco.com Fri Nov 7 15:43:44 2003 From: security@sco.com To: announce@lists.sco.com, bugtraq@securityfocus.com, full-disclosure@lists.netsys.com Date: Fri, 7 Nov 2003 11:11:22 -0800 Reply-To: please_reply_to_security@sco.com Subject: UnixWare 7.1.3 Open UNIX 8.0.0 UnixWare 7.1.1 : CDE libDtHelp buffer overflow To: announce@lists.sco.com bugtraq@securityfocus.com full-disclosure@lists.netsys.com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ______________________________________________________________________________ SCO Security Advisory Subject: UnixWare 7.1.3 Open UNIX 8.0.0 UnixWare 7.1.1 : CDE libDtHelp buffer overflow Advisory number: CSSA-2003-SCO.31 Issue date: 2003 October 31 Cross reference: sr885326 fz528372 erg712445 CAN-2003-083 CERT VU#575804 ______________________________________________________________________________ 1. Problem Description The Common Desktop Environment (CDE) is a standard desktop environment for UNIX based systems. CDE libDTHelp contains a buffer overflow that can be exploited by a local user using specially crafted environment variables. An authenticated local user may be able to execute arbitrary code with root privileges. There is a possibility that a user can set the crafted environment variable to gain elevated privileges during initialization of the dtHelp application, or applications which link to libtDtHelp. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0834 to this issue. CERT has assigned the name VU#575804 to this issue 2. Vulnerable Supported Versions System Binaries ---------------------------------------------------------------------- UnixWare 7.1.3 /usr/dt/lib/libDtHelp.so.1 Open UNIX 8.0.0 /usr/dt/lib/libDtHelp.so.1 UnixWare 7.1.1 /usr/dt/lib/libDtHelp.so.1 3. Solution The proper solution is to install the latest packages. 4. UnixWare 7.1.3 / Open UNIX 8.0.0 / UnixWare 7.1.1 4.1 Location of Fixed Binaries ftp://ftp.sco.com/pub/updates/UnixWare/CSSA-2003-SCO.31 4.2 Verification MD5 (erg712445.pkg.Z) = ecd4aaba3c6d0f7a22b7d2812fc9a174 md5 is available for download from ftp://ftp.sco.com/pub/security/tools 4.3 Installing Fixed Binaries Upgrade the affected binaries with the following sequence: Download erg712445.pkg.Z to the /var/spool/pkg directory # uncompress /var/spool/pkg/erg712445.pkg.Z # pkgadd -d /var/spool/pkg/erg712445.pkg 5. References Specific references for this advisory: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0834 http://www.kb.cert.org/vuls/id/575804 SCO security resources: http://www.sco.com/support/security/index.html This security fix closes SCO incidents sr885326 fz528372 erg712445. 6. Disclaimer SCO is not responsible for the misuse of any of the information we provide on this website and/or through our security advisories. Our advisories are a service to our customers intended to promote secure installation and use of SCO products. 7. Acknowledgments SCO would like to thank Kevin Kotas from Computer Associates Intl. eTrust eVM ______________________________________________________________________________ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (SCO/UNIX_SVR5) iD8DBQE/pwZJaqoBO7ipriERAjH3AJ4mYxEOeObr+UMsJBYv0SN1GOI8fgCfZYCp MdtzcKQfYCslwCLHodM3sdA= =N1HZ -----END PGP SIGNATURE-----