From security@sco.com Tue Dec 20 19:57:31 2005
From: security@sco.com
To: security-announce@list.sco.com
Date: Tue, 20 Dec 2005 18:27:56 -0500 (EST)
Subject: [Full-disclosure] SCOSA-2005.62 OpenServer 5.0.6 OpenServer 5.0.7 OpenServer 6.0.0 : Xloadimage NIFF Image Title Handling Buffer Overflow Vulnerability

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

______________________________________________________________________________

 			SCO Security Advisory

Subject:		OpenServer 5.0.6 OpenServer 5.0.7 OpenServer 6.0.0 : Xloadimage NIFF Image Title Handling Buffer Overflow Vulnerability
Advisory number:	SCOSA-2005.62
Issue date:		2005 December 20
Cross reference:	fz533253
 			CVE-2005-3178
______________________________________________________________________________


1. Problem Description

 	A buffer overflow in xloadimage might allow user-complicit
 	attackers to execute arbitrary code via a long title name in a
 	NIFF file, which triggers the overflow during (1) zoom, (2)
 	reduce, or (3) rotate operations.

 	The Common Vulnerabilities and Exposures project (cve.mitre.org)
 	has assigned the name CVE-2005-3178 to this issue.


2. Vulnerable Supported Versions

 	System				Binaries
 	----------------------------------------------------------------------
 	OpenServer 5.0.6 		xloadimage
 	OpenServer 5.0.7 		xloadimage
 	OpenServer 6.0.0 		xloadimage


3. Solution

 	The proper solution is to install the latest packages.


4. OpenServer 5.0.6

 	4.1 Location of Fixed Binaries

 	ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.62


 	4.2 Verification

 	MD5 (p533253.507_vol.tar) = 78221b0f25a95be496f47d15f3b869bb

 	md5 is available for download from
 		ftp://ftp.sco.com/pub/security/tools


 	4.3 Installing Fixed Binaries

 	The following package should be installed on your
 	system before you install this fix:

 		OSS646C

 	Upgrade the affected binaries with the following sequence:

 	1) Download p533253.507_vol.tar to a directory.

 	2) Extract VOL* files.

 	   # tar xvf p533253.507_vol.tar

 	3) Run the custom command, specify an install
 	   from media images, and specify the directory as
 	   the location of the images.


5. OpenServer 5.0.7

 	5.1 Location of Fixed Binaries

 	ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.62


 	5.2 Verification

 	MD5 (p533253.507_vol.tar) = 78221b0f25a95be496f47d15f3b869bb

 	md5 is available for download from
 		ftp://ftp.sco.com/pub/security/tools


 	5.3 Installing Fixed Binaries

 	Upgrade the affected binaries with the following sequence:

 	1) Download p533253.507_vol.tar to a directory.

 	2) Extract VOL* files.

 	   # tar xvf p533253.507_vol.tar

 	3) Run the custom command, specify an install
 	   from media images, and specify the directory as
 	   the location of the images.


6. OpenServer 6.0.0

 	6.1 Location of Fixed Binaries

 	ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.62


 	6.2 Verification

 	MD5 (p533253.600_vol.tar) = 1ced968e3d32ff0bd07013a4fd39b503

 	md5 is available for download from
 		ftp://ftp.sco.com/pub/security/tools


 	6.3 Installing Fixed Binaries

 	Upgrade the affected binaries with the following sequence:

 	1) Download p533253.600_vol.tar to a directory.

 	2) Extract VOL* files.

 	   # tar xvf p533253.600_vol.tar

 	3) Run the custom command, specify an install
 	   from media images, and specify the directory as
 	   the location of the images.
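
The verify-then-extract sequence from the Verification and Installing Fixed Binaries sections (4 to 6), as an added example that is not SCO's own tooling: it reads the expected digest from a saved copy of this advisory and extracts the tarball only on a match. It assumes md5sum or openssl is available instead of the md5 tool from ftp.sco.com; the script and function names are hypothetical.

```shell
#!/bin/sh
# Added example: gate extraction of an advisory patch tarball on its MD5.
# Usage (hypothetical script name): sh verify_patch.sh advisory.txt p533253.600_vol.tar

# Print the digest the advisory lists for file name $1 (advisory text on stdin).
# Matches the "MD5 (name) = hex" lines used in the Verification sections.
expected_md5() {
    awk -v f="$1" '$1 == "MD5" && $2 == "(" f ")" && $3 == "=" {
        print tolower($4); exit }'
}

# Print the MD5 of file $1. Assumption: md5sum or openssl is installed;
# the md5 tool from ftp.sco.com is not used because its options are not on the page.
actual_md5() {
    if command -v md5sum >/dev/null 2>&1; then
        md5sum < "$1" | awk '{ print $1 }'
    else
        openssl dgst -md5 < "$1" | awk '{ print $NF }'
    fi
}

# Return 0 on match, 1 on mismatch, 2 if the check could not be made.
verify_patch() {
    adv=$1 tarball=$2
    [ -r "$adv" ] && [ -r "$tarball" ] || { echo "cannot read input" >&2; return 2; }
    want=$(expected_md5 "$(basename "$tarball")" < "$adv")
    case $want in
        *[!0-9a-f]*|"") echo "no usable MD5 line for $tarball" >&2; return 2 ;;
    esac
    [ "${#want}" -eq 32 ] || { echo "digest has wrong length" >&2; return 2; }
    got=$(actual_md5 "$tarball")
    if [ "$got" = "$want" ]; then
        echo "OK $tarball $got"
        return 0
    fi
    echo "MISMATCH $tarball: expected $want, got $got" >&2
    return 1
}

# Extract only after a successful check; then continue with the custom step.
if [ "$#" -eq 2 ]; then
    verify_patch "$1" "$2" && tar xvf "$2"
fi
```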


7. References

 	Specific references for this advisory:
 		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3178
 		http://secunia.com/advisories/17087
 		http://securitytracker.com/id?1015072
 		http://www.securityfocus.com/bid/15051

 	SCO security resources:
 		http://www.sco.com/support/security/index.html

 	SCO security advisories via email
 		http://www.sco.com/support/forums/security.html

 	This security fix closes SCO incident fz533253.


8. Disclaimer

 	SCO is not responsible for the misuse of any of the information
 	we provide on this website and/or through our security
 	advisories. Our advisories are a service to our customers
 	intended to promote secure installation and use of SCO
 	products.


9. Acknowledgments

 	SCO would like to thank Ariel Berkman for reporting this
 	vulnerability.

______________________________________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (UnixWare)

iD8DBQFDqIocaqoBO7ipriERAnc5AJ9ppjJkLG+UCUu6NpaPdeOPjqwb7QCfSUCD
13f5ej1t4OMfrLeEAu2b1NQ=
=g0gM
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
