From security@sco.com Tue Aug 26 17:20:44 2003 From: security@sco.com To: bugtraq@securityfocus.com, announce@lists.caldera.com, full-disclosure@lists.netsys.com, security-alerts@linuxsecurity.com Date: Tue, 26 Aug 2003 10:07:45 -0700 Reply-To: please_reply_to_security@sco.com Subject: [Full-Disclosure] SCO Linux 4.0 : The docview package allows anonymous remote users to view any publicly readable files on a SCO Linux 4.0 system. To: bugtraq@securityfocus.com announce@lists.caldera.com full-disclosure@lists.netsys.com security-alerts@linuxsecurity.com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ______________________________________________________________________________ SCO Security Advisory Subject: SCO Linux 4.0 : The docview package allows anonymous remote users to view any publicly readable files on a SCO Linux 4.0 system. Advisory number: CSSA-2003-022.0 Issue date: 2003 August 25 Cross reference: ______________________________________________________________________________ 1. Problem Description Docview provides the SCO Linux System Administration Guide, available in browser HTML format. Due to a misconfiguration of the apache server, anonymous remote users are able to craft a URL in such a way as to view any publicly readable file. The Common Vulnerabilities and Exposures (CVE) project has assigned the name CAN-2003-0658 to this issue. This is a candidate for inclusion in the CVE list (http://cve.mitre.org), which standardizes names for security problems. 2. Vulnerable Supported Versions System Files ---------------------------------------------------------------------- SCO Linux 4.0 /usr/lib/docview/conf/rewrite.conf 3. Solution The proper solution is to install the latest packages. 4. SCO Linux 4.0 4.1 Location of Fixed Binaries The RPMs are only available via the SCO Linux Update Service. For details on how to register for the SCO Linux Update Service please see the Certificate of License and Authenticity (COLA) that came with your SCO Linux 4.0 product or go to: http://www.sco.com/support/registration/ The for all SCO Linux RPMs are available free of charge to download from: ftp://ftp.sco.com/pub/scolinux/server/4.0/updates/SRPMS/ 4.2 Verification MD5 (docview-1.1-18.i386.rpm) = 4e1eec1e251241dd42e1eaee7f47999c md5 is available for download from ftp://ftp.sco.com/pub/security/tools 4.3 Installing Fixed Binaries Upgrade the affected binaries with the following sequence: TO INSTALL/UPGRADE RPM: You can install/upgrade the RPM using the SCO Linux Update Service as follows: apt-get update apt-get install scolinux TO DOWNLOAD RPM: If you wish to download the RPM (without installing it onto your system), you can do so using the SCO Linux Update Service as follows: apt-get update apt-get -d install scolinux The downloaded RPMs will be stored at: /var/cache/apt/archives/ on your local machine. 5. References Specific references for this advisory: none SCO security resources: http://www.sco.com/support/security/index.html This security fix closes SCO incidents CAN-2003-0658 sr882973 fz528170 erg712387. 6. Disclaimer SCO is not responsible for the misuse of any of the information we provide on this website and/or through our security advisories. Our advisories are a service to our customers intended to promote secure installation and use of SCO products. 7. Acknowledgments SCO would like to thank Milos Krmesk for discovery of this vulnerability. ______________________________________________________________________________ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (SCO_SV) Comment: For info see http://www.gnupg.org iEYEARECAAYFAj9KgEAACgkQaqoBO7ipriGRXQCfZ57gvEtM3HeKwFfg5avDt6aT Y1cAoJBbm+rM/THBC5RHgbkETF9ApxU9 =AwRl -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html