<<< Date Index >>>     <<< Thread Index >>>

OpenServer 5.0.7 OpenServer 5.0.6 OpenServer 5.0.5 : Multiple security vulnerabilities in Xsco



To: announce@xxxxxxxxxxxxxxxxx bugtraq@xxxxxxxxxxxxxxxxx 
full-disclosure@xxxxxxxxxxxxxxxx

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



______________________________________________________________________________

                        SCO Security Advisory

Subject:                OpenServer 5.0.7 OpenServer 5.0.6 OpenServer 5.0.5 : 
Multiple security vulnerabilities in Xsco
Advisory number:        CSSA-2003-SCO.26
Issue date:             2003 October 10
Cross reference:        sr862609 fz520528 erg712006 sr860995 fz520242 erg711972 
CAN-2002-0158 CAN-2002-0164 
______________________________________________________________________________


1. Problem Description

        This supplement corrects two unrelated security problems in the
        SCO OpenServer "Xsco" X11 server.

        First,

        NSFOCUS Security Team has found a buffer overflow vulnerability
        in Xsun shipped with Solaris system when processing a
        command line parameter "-co", which could enable a local
        attacker to run arbitrary code with root user/root group
        privilege. 
         
        Kevin Finisterre of Snosoft.com discovered that Xsco was also
        vulnerable. 
         
        The Common Vulnerabilities and Exposures (CVE) project has assigned 
        the name CAN-2002-0158 to this issue. This is a candidate for 
        inclusion in the CVE list (http://cve.mitre.org), which standardizes 
        names for security problems. Candidates may change significantly
        before they become official CVE entries.

        Second,

        Roberto Zunino discovered a vulnerability in the MIT-SHM extension in
        all X servers that are running as root.

        Any user with local X access can exploit the MIT-SHM extension and gain
        read/write access to any shared memory segment on the system. 

        The Common Vulnerabilities and Exposures (CVE) project has assigned
        the name CAN-2002-0164 to this issue. This is a candidate for
        inclusion in the CVE list (http://cve.mitre.org), which standardizes
        names for security problems. Candidates may change significantly
        before they become official CVE entries.


2. Vulnerable Supported Versions

        System                          Binaries
        ----------------------------------------------------------------------
        OpenServer 5.0.7                /usr/bin/X11/Xsco
        OpenServer 5.0.6                /usr/bin/X11/Xsco
        OpenServer 5.0.5                /usr/bin/X11/Xsco


3. Solution

        The proper solution is to install the latest packages.


4. OpenServer 5.0.7, OpenServer 5.0.6, OpenServer 5.0.5

        4.1 Location of Fixed Binaries

        ftp://ftp.sco.com/pub/updates/OpenServer/CSSA-2003-SCO.26


        4.2 Verification

        MD5 (VOL.000.000) = e7cbf7a8094ba43d44a6657a95673aeb
        MD5 (VOL.001.000) = 2eca28ac86436cec5fa7f059ab2fe850

        md5 is available for download from
                ftp://ftp.sco.com/pub/security/tools


        4.3 Installing Fixed Binaries

        Upgrade the affected binaries with the following sequence:

        1) Download the VOL* files to the /tmp directory

        2) Run the custom command, specify an install from media
        images, and specify the /tmp directory as the location of
        the images.


5. References

        Specific references for this advisory:
                http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0158 
                http://marc.theaimsgroup.com/?l=bugtraq&m=101776858410652&w=2 
                
http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0000.html
                http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0164
                http://marc.theaimsgroup.com/?l=bugtraq&m=103547625009363&w=2
                http://xforce.iss.net/xforce/xfdb/8706
                http://www.securityfocus.com/bid/4396
                
http://www.linuxsecurity.com/advisories/caldera_advisory-2006.html
                
ftp://stage.caldera.com/pub/security/openunix/CSSA-2002-SCO.14/CSSA-2002-SCO.14.txt
        SCO security resources:

                http://www.sco.com/support/security/index.html

        This security fix closes SCO incidents sr862609 fz520528
        erg712006 sr860995 fz520242 erg711972


6. Disclaimer

        SCO is not responsible for the misuse of any of the information
        we provide on this website and/or through our security
        advisories. Our advisories are a service to our customers
        intended to promote secure installation and use of SCO
        products.

7. Acknowledgments

        SCO would like to thank the NSFOCUS Security Team for finding
        the "-co" vulnerability, and Kevin Finisterre of Snosoft.com for
        confirming its applicability to Xsco.  SCO would also like to
        thank Roberto Zunino for discovering the MIT-SHM vulnerability.

______________________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (SCO/UNIX_SVR5)

iD8DBQE/jfZSaqoBO7ipriERAjSbAJkBWpJMSXcQwLFnTTRgVa5vaEXGEgCfeSKa
yS0vg5xrMpoBo3zWeqgpsNQ=
=Abuh
-----END PGP SIGNATURE-----