Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Security Update: [CSSA-2002-SCO.44] UnixWare 7.1.1 Open UNIX 8.0.0 : uudecode performs inadequate checks on user-specified output files
From: security () caldera com
Date: Wed, 11 Dec 2002 10:48:07 -0800

To: bugtraq () securityfocus com announce () lists caldera com scoannmod () xenitec on ca full-disclosure () lists 
netsys com

______________________________________________________________________________

                        SCO Security Advisory

Subject:                UnixWare 7.1.1 Open UNIX 8.0.0 : uudecode performs inadequate checks on user-specified output 
files
Advisory number:        CSSA-2002-SCO.44
Issue date:             2002 December 11
Cross reference:
______________________________________________________________________________


1. Problem Description

         From CERT VU#336083:

         If an attacker can convince a user to invoke uudecode on a
         malicious file without reviewing the included file name, the
         attacker can cause the user to overwrite any file accessible
         by the user. If the victim user has root privileges, the
         attacker can exploit this vulnerability to overwrite
         arbitrary files. With respect to symbolic links and named
         pipes, attackers who exploit this vulnerability can alter the
         normal operation of system scripts and running processes,
         significantly increasing the risk of system compromise.


2. Vulnerable Supported Versions

        System                          Binaries
        ----------------------------------------------------------------------
        UnixWare 7.1.1                  /usr/bin/uudecode
        Open UNIX 8.0.0                 /usr/bin/uudecode


3. Solution

        The proper solution is to install the latest packages.


4. UnixWare 7.1.1

        4.1 Location of Fixed Binaries

        ftp://ftp.sco.com/pub/updates/OpenUNIX/CSSA-2002-SCO.44


        4.2 Verification

        MD5 (erg712093.pkg.Z) = e893c7c27e181a576fa2289ee807884d

        md5 is available for download from
                ftp://ftp.sco.com/pub/security/tools


        4.3 Installing Fixed Binaries

        Upgrade the affected binaries with the following sequence:

        Download erg712093.pkg.Z to the /var/spool/pkg directory

        # uncompress /var/spool/pkg/erg712093.pkg.Z
        # pkgadd -d /var/spool/pkg/erg712093.pkg


5. Open UNIX 8.0.0

        5.1 Location of Fixed Binaries

        ftp://ftp.sco.com/pub/updates/OpenUNIX/CSSA-2002-SCO.44


        5.2 Verification

        MD5 (erg712093.pkg.Z) = e893c7c27e181a576fa2289ee807884d

        md5 is available for download from
                ftp://ftp.sco.com/pub/security/tools


        5.3 Installing Fixed Binaries

        Upgrade the affected binaries with the following sequence:

        Download erg712093.pkg.Z to the /var/spool/pkg directory

        # uncompress /var/spool/pkg/erg712093.pkg.Z
        # pkgadd -d /var/spool/pkg/erg712093.pkg


6. References

        Specific references for this advisory:

                 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0178
                 http://www.kb.cert.org/vuls/id/336083
                 http://www.aerasec.de/security/index.html?id=ae-200204-033&lang=en

        SCO security resources:

                http://www.sco.com/support/security/index.html

        This security fix closes SCO incidents sr866875, fz521051,
        erg712093.


7. Disclaimer

        SCO is not responsible for the misuse of any of the information
        we provide on this website and/or through our security
        advisories. Our advisories are a service to our customers
        intended to promote secure installation and use of SCO
        products.


8. Acknowledgements

         AERAsec discovered and researched this vulnerability.

______________________________________________________________________________

Attachment: _bin
Description:


  By Date           By Thread  

Current thread:
  • Security Update: [CSSA-2002-SCO.44] UnixWare 7.1.1 Open UNIX 8.0.0 : uudecode performs inadequate checks on user-specified output files security (Dec 11)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]