SCO Security Advisory - OpenServer 5.0.6 OpenServer 5.0.7 OpenServer 6.0.0 : Multiple System Libraries Vulnerabilities.
3799edee6ac32c542aede100f28a5107cb7f3c2ef49e8f8d016a6fb4ec946993
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
SCO Security Advisory
Subject: OpenServer 5.0.6 OpenServer 5.0.7 OpenServer 6.0.0 : Multiple System Libraries Vulnerabilities
Advisory number: SCOSA-2006.10
Issue date: 2006 March 14
Cross reference: fz532924 fz532923 fz533164 fz533174 fz533390
CVE-2005-2491 CVE-2005-3183 CVE-2005-3185
______________________________________________________________________________
1. Problem Description
PCRE is prone to a heap-overflow vulnerability. This issue
is due to the library's failure to properly perform boundary
checks on user-supplied input before copying data to an
internal memory buffer. The impact of successful exploitation
of this vulnerability depends on the application and the user
credentials using the vulnerable library. A successful attack
may ultimately permit an attacker to control the contents of
critical memory control structures and write arbitrary data to
arbitrary memory locations. Integer overflow in pcre_compile.c
in Perl Compatible Regular Expressions (PCRE) before 6.2, as
used in multiple products such as Python, Ethereal, and PHP,
allows attackers to execute arbitrary code via quantifier
values in regular expressions, which leads to a heap-based
buffer overflow.
W3C Libwww is prone to multiple vulnerabilities. These issues
include a buffer overflow vulnerability and some issues related
to the handling of multipart/byteranges content. Libwww
5.4.0 is reported to be vulnerable. Other versions may
be affected as well. These issues may also be exploited
through other applications that implement the library. The
HTBoundary_put_block function in HTBound.c for W3C libwww
(w3c-libwww) allows remote servers to cause a denial of service
(segmentation fault) via a crafted multipart/byteranges MIME
message that triggers an out-of-bounds read.
GNU wget and cURL are prone to a buffer overflow vulnerability.
This issue is due to a failure in the applications to do
proper bounds checking on user supplied data before using
it in a memory copy operation. An attacker can exploit this
vulnerability to execute arbitrary code in the context of the
user utilizing the vulnerable application. Exploitation of this
vulnerability requires that NTLM authentication is enabled
in the affected clients. Stack-based buffer overflow in the
ntlm_output function in http-ntlm.c for (1) wget 1.10, (2)
curl 7.13.2, and (3) libcurl 7.13.2, and other products that
use libcurl, when NTLM authentication is enabled, allows remote
servers to execute arbitrary code via a long NTLM username.
The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the names CVE-2005-2491,
CVE-2005-3183, and CVE-2005-3185 to these issues.
2. Vulnerable Supported Versions
System Binaries
----------------------------------------------------------------------
OpenServer 5.0.6 libpcre, libwww, libcurl libraries in the
gwxlibs component
OpenServer 5.0.7 libpcre, libwww, libcurl libraries in the
gwxlibs component
OpenServer 6.0.0 libpcre, libwww, libcurl libraries in the
gwxlibs component
3. Solution
The proper solution is to install the latest packages.
4. OpenServer 5.0.6
4.1 Location of Fixed Binaries
ftp://ftp.sco.com/pub/openserver5/opensrc/gwxlibs-2.1.0Ba/gwxlibs210Ba_vol.tar
4.2 Verification
MD5 (gwxlibs210Ba_vol.tar) = 18213632bd0c5ff1e260eac90aae7033
md5 is available for download from
ftp://ftp.sco.com/pub/security/tools
4.3 Installing Fixed Binaries
Download and install the Supplemental Graphics, Web and X11
Libraries (gwxlibs) version 2.1.0Ba from:
ftp://ftp.sco.com/pub/openserver5/opensrc/gwxlibs-2.1.0Ba/
This supplement can be installed on the following
SCO OpenServer release(s):
SCO OpenServer Release 5.0.6 with RS506A and OSS646C
See:
ftp://ftp.sco.com/pub/openserver5/opensrc/gwxlibs-2.1.0Ba/gwxlibs-2.1.0Ba.txt
5. OpenServer 5.0.7
5.1 Location of Fixed Binaries
ftp://ftp.sco.com/pub/openserver5/507/mp/osr507mp4/osr507mp4_vol.tar
5.2 Verification
MD5 (osr507mp4_vol.tar) = 4c87d840ff5b43221258547d19030228
md5 is available for download from
ftp://ftp.sco.com/pub/security/tools
5.3 Installing Fixed Binaries
See the SCO OpenServer Release 5.0.7 Maintenance Pack 4 Release
and Installation Notes:
ftp://ftp.sco.com/pub/openserver5/507/mp/osr507mp4/osr507mp4.htm
6. OpenServer 6.0.0
6.1 Location of Fixed Binaries
ftp://ftp.sco.com/pub/openserver6/600/mp/osr600mp2/osr600mp2.iso
6.2 Verification
MD5 (osr600mp2.iso) = 7e560dcde374eb60df2b4a599ac20d8a
md5 is available for download from
ftp://ftp.sco.com/pub/security/tools
6.3 Installing Fixed Binaries
See the SCO OpenServer Release 6.0.0 Maintenance Pack 2 Release
and Installation Notes:
ftp://ftp.sco.com/pub/openserver6/600/mp/osr600mp2/osr600mp2.html
7. References
Specific references for this advisory:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2491
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3183
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3185
http://www.securityfocus.com/bid/14620
http://www.securityfocus.com/bid/15035
http://www.securityfocus.com/bid/15102
http://securitytracker.com/id?1014744
http://securitytracker.com/id?1015057
SCO security resources:
http://www.sco.com/support/security/index.html
SCO security advisories via email
http://www.sco.com/support/forums/security.html
This security fix closes SCO incidents fz532924 fz532923 fz533164
fz533174 fz533390.
8. Disclaimer
SCO is not responsible for the misuse of any of the information
we provide on this website and/or through our security
advisories. Our advisories are a service to our customers intended
to promote secure installation and use of SCO products.
______________________________________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (UnixWare)
iD8DBQFEFynVaqoBO7ipriERAusBAJ449zh23lL5tq9yV2PpPqoGY3yiDQCfSCw9
/S2QKbSM8J+jGesfDrbV7wU=
=WXg5
-----END PGP SIGNATURE-----