Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

OpenServer 5.0.6 OpenServer 5.0.7 : uudecode does not check for symlink or pipe
From: please_reply_to_security () sco com
Date: Fri, 30 Jul 2004 13:27:38 -0700 (PDT)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


______________________________________________________________________________

                        SCO Security Advisory

Subject:                OpenServer 5.0.6 OpenServer 5.0.7 : uudecode does not check for symlink or pipe
Advisory number:        SCOSA-2004.12
Issue date:             2004 July 29
Cross reference:        sr864864 fz527541 erg712054 CAN-2002-0178
______________________________________________________________________________


1. Problem Description

        The uudecode utility would create an output file without
        checking to see if it was about to write to a symlink or a
        pipe. If a user uses uudecode to extract data into open
        shared directories, such as /tmp, this vulnerability could
        be used by a local attacker to overwrite files or lead to
        privilege escalation. 

        The Common Vulnerabilities and Exposures project (cve.mitre.org) 
        has assigned the name CAN-2002-0178 to this issue.


2. Vulnerable Supported Versions

        System                          Binaries
        ----------------------------------------------------------------------
        OpenServer 5.0.6                /usr/bin/uudecode
        OpenServer 5.0.7                /usr/bin/uudecode

3. Solution

        The proper solution is to install the latest packages.

4. OpenServer 5.0.6

        4.1 First install oss646b or later

        4.2 Location of oss646c

        ftp://ftp.sco.com/pub/openserver5/oss646c/

        4.3 Verification of oss646c

        MD5 (VOL.000.000) = f19b6c6949f615316bfb075d249989e8
        MD5 (VOL.000.001) = 341ff8553aecd2c7b0c2beaf83030d0f
        MD5 (VOL.000.002) = 6e46708ad8029e12280d4f9ac60ab814
        MD5 (VOL.000.003) = 2868b64a6a6db742adb3b485be645d7e
        MD5 (VOL.000.004) = 1696fe1db9bb063827ee5e76e58dff84
        MD5 (VOL.000.005) = f39da342f8af72fcaccdf478dca04109
        MD5 (VOL.000.006) = 2b31611c8af7d2e7910d6e8e3cf701a6
        MD5 (VOL.000.007) = d0175c0f4e3ed29435b1eab95609f8f4
        MD5 (VOL.000.008) = aa9e8a525c341fed077f981b1dacb486
        MD5 (VOL.000.009) = 8e023af67b57507824406bdda322079a
        MD5 (VOL.000.010) = 2b46e8adba8ae0b64109f2069da978a2

        4.4 Location of Fixed Binaries

        ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.12

        4.5 Verification

        MD5 (VOL.000.000) = 53e8739812e5bfd7f3504d467e979019

        md5 is available for download from
                ftp://ftp.sco.com/pub/security/tools


        4.6 Installing Fixed Binaries

        Upgrade the affected binaries with the following sequence:

        1) Download the VOL* files to the /tmp directory

        2) Run the custom command, specify an install from media
        images, and specify the /tmp directory as the location of
        the images.


5. OpenServer 5.0.7

        5.1 Location of Fixed Binaries

        ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.12

        The fixes are also available in SCO OpenServer Release 5.0.7
        Maintenance Pack 3 or later.  See
        http://www.sco.com/support/update/download/osr507list.html.

        5.2 Verification

        MD5 (VOL.000.000) = 53e8739812e5bfd7f3504d467e979019

        MD5 (507mp3_vol.tar) = c927aefdd50b50aca5d29e08c1562aec

        md5 is available for download from
                ftp://ftp.sco.com/pub/security/tools


        5.3 Installing Fixed Binaries

        Upgrade the affected binaries with the following sequence:

        1) Download the VOL* files to the /tmp directory

        2) Run the custom command, specify an install from media
        images, and specify the /tmp directory as the location of
        the images.

        Or see the Maintenance Pack 3 Release and Installation Notes at

        ftp://ftp.sco.com/pub/openserver5/507/mp/mp3/osr507mp3.txt


6. References

        Specific references for this advisory:
                http://www.aerasec.de/security/index.html?id=ae-200204-033&lang=en 
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0178

        SCO security resources:
                http://www.sco.com/support/security/index.html
        SCO security advisories via email
                http://www.sco.com/support/forums/security.html

        This security fix closes SCO incidents sr864864 fz527541
        erg712054.


7. Disclaimer

        SCO is not responsible for the misuse of any of the information
        we provide on this website and/or through our security
        advisories. Our advisories are a service to our customers
        intended to promote secure installation and use of SCO
        products.

______________________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (SCO/UNIX_SVR5)

iD8DBQFBCqGmaqoBO7ipriERAiTGAJsFXtXRf+Gp7oo6F8W6Un5uLm01CQCbBPPk
YHPyFvekzIswp7A8jQAuw34=
=9v1h
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
  • OpenServer 5.0.6 OpenServer 5.0.7 : uudecode does not check for symlink or pipe please_reply_to_security (Jul 31)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]