To: bugtraqsecurityfocus.com announcelists.caldera.com scoannmodxenitec.on.ca full-disclosurelists.netsys.com

______________________________________________________________________________

                        SCO Security Advisory

Subject: UnixWare 7.1.1 Open UNIX 8.0.0 : uudecode performs inadequate checks on user-specified output files
Advisory number: CSSA-2002-SCO.44
Issue date: 2002 December 11
Cross reference:
______________________________________________________________________________

1. Problem Description

         From CERT VU#336083:

         If an attacker can convince a user to invoke uudecode on a
         malicious file without reviewing the included file name, the
         attacker can cause the user to overwrite any file accessible
         by the user. If the victim user has root privileges, the
         attacker can exploit this vulnerability to overwrite
         arbitrary files. With respect to symbolic links and named
         pipes, attackers who exploit this vulnerability can alter the
         normal operation of system scripts and running processes,
         significantly increasing the risk of system compromise.

2. Vulnerable Supported Versions

        System Binaries
        ----------------------------------------------------------------------
        UnixWare 7.1.1 /usr/bin/uudecode
        Open UNIX 8.0.0 /usr/bin/uudecode

3. Solution

        The proper solution is to install the latest packages.

4. UnixWare 7.1.1

        4.1 Location of Fixed Binaries

        ftp://ftp.sco.com/pub/updates/OpenUNIX/CSSA-2002-SCO.44

        4.2 Verification

        MD5 (erg712093.pkg.Z) = e893c7c27e181a576fa2289ee807884d

        md5 is available for download from
                ftp://ftp.sco.com/pub/security/tools

        4.3 Installing Fixed Binaries

        Upgrade the affected binaries with the following sequence:

        Download erg712093.pkg.Z to the /var/spool/pkg directory

        # uncompress /var/spool/pkg/erg712093.pkg.Z
        # pkgadd -d /var/spool/pkg/erg712093.pkg

5. Open UNIX 8.0.0

        5.1 Location of Fixed Binaries

        ftp://ftp.sco.com/pub/updates/OpenUNIX/CSSA-2002-SCO.44

        5.2 Verification

        MD5 (erg712093.pkg.Z) = e893c7c27e181a576fa2289ee807884d

        md5 is available for download from
                ftp://ftp.sco.com/pub/security/tools

        5.3 Installing Fixed Binaries

        Upgrade the affected binaries with the following sequence:

        Download erg712093.pkg.Z to the /var/spool/pkg directory

        # uncompress /var/spool/pkg/erg712093.pkg.Z
        # pkgadd -d /var/spool/pkg/erg712093.pkg

6. References

        Specific references for this advisory:

                 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0178
                 http://www.kb.cert.org/vuls/id/336083
                 http://www.aerasec.de/security/index.html?id=ae-200204-033&lang=en

        SCO security resources:

                http://www.sco.com/support/security/index.html

        This security fix closes SCO incidents sr866875, fz521051,
        erg712093.

7. Disclaimer

        SCO is not responsible for the misuse of any of the information
        we provide on this website and/or through our security
        advisories. Our advisories are a service to our customers
        intended to promote secure installation and use of SCO
        products.

8. Acknowledgements

         AERAsec discovered and researched this vulnerability.

______________________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (SCO_SV)
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAj33iGcACgkQaqoBO7ipriFcrwCfehGyUsRiNoYbHCjy2V4kbDRO
VZYAniNTJ/PLPiVxhEmH4gRXPhOAuYCj
=5gaQ
-----END PGP SIGNATURE-----

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]