From security@sco.com Thu Oct 20 14:20:43 2005
From: security@sco.com
To: security-announce@list.sco.com
Date: Thu, 20 Oct 2005 14:14:23 -0400 (EDT)
Subject: [Full-disclosure] SCOSA-2005.42 Xpdf PDF Viewer Multiple Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

______________________________________________________________________________

 			SCO Security Advisory

Subject:		OpenServer 5.0.7 OpenServer 6.0.0 : Xpdf PDF Viewer Multiple Vulnerabilities
Advisory number: 	SCOSA-2005.42
Issue date: 		2005 October 18
Cross reference:	sr894841 fz532914 erg712913
 			sr894861 fz532913 erg712914
 			CAN-2004-1125 CAN-2005-0064 CAN-2005-2097
______________________________________________________________________________


1. Problem Description

 	Xpdf is an open-source viewer for Portable Document Format (PDF)
 	files.

 	Buffer overflow in xpdf 3.00 allows remote attackers to cause a
 	denial of service (application crash) and possibly execute
 	arbitrary code via a crafted PDF file that causes the boundaries
 	of a maskColors array to be exceeded.

 	The Common Vulnerabilities and Exposures project (cve.mitre.org)
 	has assigned the name CAN-2004-1125 to this issue.

 	Buffer overflow in xpdf 3.00 and earlier allows remote attackers
 	to execute arbitrary code via a PDF file with a large /Encrypt
 	/Length keyLength value.

 	The Common Vulnerabilities and Exposures project (cve.mitre.org)
 	has assigned the name CAN-2005-0064 to this issue.

 	xpdf does not properly validate the "loca" table in PDF files, which
 	allows local users to cause a denial of service (disk consumption
 	and hang) via a PDF file with a "broken" loca table, which causes
 	a large temporary file to be created when xpdf attempts to
 	reconstruct the information.

 	The Common Vulnerabilities and Exposures project (cve.mitre.org)
 	has assigned the name CAN-2005-2097 to this issue.


2. Vulnerable Supported Versions

 	System				Binaries
 	----------------------------------------------------------------------
 	OpenServer 5.0.7 		xpdf distribution
 	OpenServer 6.0.0 		xpdf distribution


3. Solution

 	The proper solution is to install the latest packages.


4. OpenServer 5.0.7

 	4.1 Location of Fixed Binaries

 	ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.42/507


 	4.2 Verification

 	MD5 (VOL.000.000) = 91322dcd210248ba4607235cb3e09436
 	MD5 (VOL.000.001) = c846cdfce81f1487c3684ee3af046fa5
 	MD5 (VOL.000.002) = be20d0832276353840517a3315853044
 	MD5 (VOL.000.003) = 748004313dcaf8827edc261ee196c035

 	md5 is available for download from
 		ftp://ftp.sco.com/pub/security/tools


 	4.3 Installing Fixed Binaries

         Upgrade the affected binaries with the following sequence:

         1) Download the VOL* files to a directory

         2) Run the custom command, specify an install from media
            images, and specify the directory as the location of the
            images.


5. OpenServer 6.0.0

 	5.1 Location of Fixed Binaries

 	ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.42/600


 	5.2 Verification

 	MD5 (VOL.000.000) = 2aa83f054b614c2db53418111bd2bfb0
 	MD5 (VOL.000.001) = e93806f0d79c1f9a925aeed1f4b7f659
 	MD5 (VOL.000.002) = 130e116d8463b57592955064a6e86fd6
 	MD5 (VOL.000.003) = a2d2a47f067527aa5a28c1a9721257b6

 	md5 is available for download from
 		ftp://ftp.sco.com/pub/security/tools


 	5.3 Installing Fixed Binaries

 	Upgrade the affected binaries with the following sequence:

         1) Download the VOL* files to a directory

         2) Run the custom command, specify an install from media
            images, and specify the directory as the location of the
            images.
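
Added example (not part of SCO's advisory or tooling): a Python check that reads the "MD5 (file) = digest" lines from the Verification sections (4.2 and 5.2) and compares them with the downloaded VOL* files before step 2 of 4.3 or 5.3 is run. The function names and the MISSING/MISMATCH/UNLISTED statuses are assumptions of this example, and the demo files and digests are constructed stand-ins.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Checksum line format used in sections 4.2 and 5.2: MD5 (VOL.000.000) = <32 hex>
MD5_LINE = re.compile(r"^\s*MD5 \((?P<name>[\w.\-]+)\) = (?P<digest>[0-9a-fA-F]{32})\s*$")

def parse_manifest(text):
    """Return {filename: lowercase digest}; non-checksum lines are ignored."""
    found = (MD5_LINE.match(line) for line in text.splitlines())
    return {m.group("name"): m.group("digest").lower() for m in found if m}

def md5_of(path, chunk=1 << 20):
    """Hash in chunks so a large media image is never held in memory."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def verify_directory(directory, manifest_text):
    """Map every listed file, and every stray VOL.* file, to a status."""
    directory = Path(directory)
    results = {}
    for name, digest in parse_manifest(manifest_text).items():
        path = directory / name
        if not path.is_file():
            results[name] = "MISSING"
        else:
            results[name] = "ok" if md5_of(path) == digest else "MISMATCH"
    # A VOL.* image the advisory does not list has no checksum to trust.
    for extra in sorted(directory.glob("VOL.*")):
        results.setdefault(extra.name, "UNLISTED")
    return results

def all_verified(results):
    """True only if something was listed and every entry matched."""
    return bool(results) and all(s == "ok" for s in results.values())

if __name__ == "__main__":
    # Constructed demo: stand-in bytes, not the real VOL images or digests.
    with tempfile.TemporaryDirectory() as d:
        Path(d, "VOL.000.000").write_bytes(b"constructed image 0\n")
        Path(d, "VOL.000.001").write_bytes(b"constructed image 1, altered\n")
        good = hashlib.md5(b"constructed image 0\n").hexdigest()
        manifest = f"MD5 (VOL.000.000) = {good}\nMD5 (VOL.000.001) = {'0' * 32}\n"
        for name, status in verify_directory(d, manifest).items():
            print(f"{status:9} {name}")
```

Pass the text of section 4.2 or 5.2 as manifest_text and proceed to the install step only when all_verified() returns True.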


6. References

 	Specific references for this advisory:
 		http://www.idefense.com/application/poi/display?id=172&type=vulnerabilities
 		http://www.idefense.com/application/poi/display?id=186&type=vulnerabilities
 		http://lists.grok.org.uk/pipermail/full-disclosure/2004-December/030241.html

 	SCO security resources:
 		http://www.sco.com/support/security/index.html
 	SCO security advisories via email:
 		http://www.sco.com/support/forums/security.html

 	This security fix closes SCO incidents:
 		sr894841 fz532914 erg712913
 		sr894861 fz532913 erg712914


7. Disclaimer

 	SCO is not responsible for the misuse of any of the information
 	we provide on this website and/or through our security
 	advisories. Our advisories are a service to our customers
 	intended to promote secure installation and use of SCO
 	products.

______________________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (UnixWare)

iD8DBQFDVWDWaqoBO7ipriERAmJgAJ0d2AivC+71xWSPdrXYhJKpml0t3QCfSJiF
ka+J/vTtjx3Te+mMsG+ldeI=
=d7RF
-----END PGP SIGNATURE-----
