OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
security_at_caldera.com
Date: Thu Jan 16 2003 - 15:38:47 CST

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    To: bugtraqsecurityfocus.com announcelists.caldera.com security-alertslinuxsecurity.com full-disclosurelists.netsys

    ______________________________________________________________________________

                            SCO Security Advisory

    Subject: Linux: wget directory traversal and buffer overrun vulnerabilities
    Advisory number: CSSA-2003-003.0
    Issue date: 2003 January 16
    Cross reference:
    ______________________________________________________________________________

    1. Problem Description

            Stefano Zacchiroli found a buffer overrun in the url_filename
            function, which would make wget segfault on very long urls.

            Steven M. Christey discovered that wget did not verify the FTP
            server response to a NLST command: it must not contain any
            directory information, since that can be used to make a FTP
            client overwrite arbitrary files.

    2. Vulnerable Supported Versions

            System Package
            ----------------------------------------------------------------------

            OpenLinux 3.1.1 Server prior to wget-1.7.1-3.i386.rpm

            OpenLinux 3.1.1 Workstation prior to wget-1.7.1-3.i386.rpm

            OpenLinux 3.1 Server prior to wget-1.7.1-3.i386.rpm

            OpenLinux 3.1 Workstation prior to wget-1.7.1-3.i386.rpm

    3. Solution

            The proper solution is to install the latest packages. Many
            customers find it easier to use the Caldera System Updater, called
            cupdate (or kcupdate under the KDE environment), to update these
            packages rather than downloading and installing them by hand.

    4. OpenLinux 3.1.1 Server

            4.1 Package Location

            ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-003.0/RPMS

            4.2 Packages

            0adc5e5568cc589b9ab90ebb0e181e65 wget-1.7.1-3.i386.rpm

            4.3 Installation

            rpm -Fvh wget-1.7.1-3.i386.rpm

            4.4 Source Package Location

            ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-003.0/SRPMS

            4.5 Source Packages

            b443ec3aa56abaa8236a88bffebba036 wget-1.7.1-3.src.rpm

    5. OpenLinux 3.1.1 Workstation

            5.1 Package Location

            ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2003-003.0/RPMS

            5.2 Packages

            d5ef7e346ec79bead0cba20189904a11 wget-1.7.1-3.i386.rpm

            5.3 Installation

            rpm -Fvh wget-1.7.1-3.i386.rpm

            5.4 Source Package Location

            ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2003-003.0/SRPMS

            5.5 Source Packages

            02c04170cbdef2de1b1f2c1a478681f7 wget-1.7.1-3.src.rpm

    6. OpenLinux 3.1 Server

            6.1 Package Location

            ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2003-003.0/RPMS

            6.2 Packages

            7c2901898d0cc4d0bbb6132d82fefd0e wget-1.7.1-3.i386.rpm

            6.3 Installation

            rpm -Fvh wget-1.7.1-3.i386.rpm

            6.4 Source Package Location

            ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2003-003.0/SRPMS

            6.5 Source Packages

            b19f59dedcd9b2382a41c8af3cf056d0 wget-1.7.1-3.src.rpm

    7. OpenLinux 3.1 Workstation

            7.1 Package Location

            ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2003-003.0/RPMS

            7.2 Packages

            fbba3488352d9617a0b3b6507633c312 wget-1.7.1-3.i386.rpm

            7.3 Installation

            rpm -Fvh wget-1.7.1-3.i386.rpm

            7.4 Source Package Location

            ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2003-003.0/SRPMS

            7.5 Source Packages

            7a30085d938ad07bde1f67267910a71d wget-1.7.1-3.src.rpm

    8. References

            Specific references for this advisory:

                    http://marc.theaimsgroup.com/?l=bugtraq&m=103962838628940&w=2
                    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1344
                    http://www.kb.cert.org/vuls/id/210148

            SCO security resources:

                    http://www.sco.com/support/security/index.html

            This security fix closes SCO incidents sr872622, fz526854,
            erg712181.

    9. Disclaimer

            SCO is not responsible for the misuse of any of the information
            we provide on this website and/or through our security
            advisories. Our advisories are a service to our customers intended
            to promote secure installation and use of SCO products.

    10. Acknowledgements

            Stefano Zacchiroli and Steve Christey (coleymitre.org)
            discovered and researched these vulnerabilities.

    ______________________________________________________________________________

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.0.6 (SCO_SV)
    Comment: For info see http://www.gnupg.org

    iEYEARECAAYFAj4nJmYACgkQbluZssSXDTGAVQCeKhGY5Pf9yu8VB0Z+cvLY4cO4
    QUsAoIPuxbOV0DTdkcraeK5Q7R/Z/YFh
    =K/3N
    -----END PGP SIGNATURE-----