From security@sco.com Wed Mar 29 10:59:05 2006 From: SCO Security Advisories To: security-announce@list.sco.com Date: Wed, 29 Mar 2006 08:35:54 -0800 Subject: [Full-disclosure] SCOSA-2006.16 UnixWare 7.1.4 : libcurl URL Parsing Vulnerability -- Dr. Ronald Joe Record Chief Security Officer SCO rr@sco.com [ Part 2: "Attached Text" ] -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ______________________________________________________________________________ SCO Security Advisory Subject: UnixWare 7.1.4 : libcurl URL Parsing Vulnerability Advisory number: SCOSA-2006.16 Issue date: 2006 March 28 Cross reference: fz533390 CVE-2005-4077 ______________________________________________________________________________ 1. Problem Description This vulnerability is caused due to an off-by-one error when parsing a URL that is longer than 256 bytes. By using a specially crafted URL, a two-byte overflow is reportedly possible. This may be exploited to corrupt memory allocation structures. The vulnerability is reportedly exploitable only via a direct request to cURL and not via a redirect. The vulnerability has been reported in version 7.15.0 and prior. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-4077 to this issue. 2. Vulnerable Supported Versions System Binaries ---------------------------------------------------------------------- UnixWare 7.1.4 The curl package 3. Solution The proper solution is to install the latest packages. 4. UnixWare 7.1.4 4.1 Location of Fixed Binaries ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.16 4.2 Verification MD5 (curl-7.15.1.pkg) = 62f7076f2d1096e131dd0e9780ee15fd md5 is available for download from ftp://ftp.sco.com/pub/security/tools 4.3 Installing Fixed Binaries Upgrade the affected binaries with the following sequence: Download curl-7.15.1.pkg to the /var/spool/pkg directory # pkgadd -d /var/spool/pkg/curl-7.15.1.pkg 5. References Specific references for this advisory: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4077 http://www.hardened-php.net/advisory_242005.109.html http://secunia.com/advisories/17907/ SCO security resources: http://www.sco.com/support/security/index.html SCO security advisories via email http://www.sco.com/support/forums/security.html This security fix closes SCO incidents fz533390. 6. Disclaimer SCO is not responsible for the misuse of any of the information we provide on this website and/or through our security advisories. Our advisories are a service to our customers intended to promote secure installation and use of SCO products. 7. Acknowledgments Provided and/or discovered by: Stefan Esser, Hardened PHP Project. ______________________________________________________________________________ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (SCO_SV) iD8DBQFEKdepaqoBO7ipriERAlsyAJ9sVkFxf4AbhIQ/vLh9NkoZbfNkbgCgqR5j daTMqYraFNp/w0886giZpFc= =pBhs -----END PGP SIGNATURE----- [ Part 3: "Attached Text" ] _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/