<<< Date Index >>>     <<< Thread Index >>>

OpenServer 5.0.7 OpenServer 5.0.6 OpenServer 5.0.5 : Various Apache security fixes



To: announce@xxxxxxxxxxxxxxxxx bugtraq@xxxxxxxxxxxxxxxxx 
full-disclosure@xxxxxxxxxxxxxxxx

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


______________________________________________________________________________

                        SCO Security Advisory

Subject:                OpenServer 5.0.7 OpenServer 5.0.6 OpenServer 5.0.5 : 
Various Apache security fixes
Advisory number:        CSSA-2003-SCO.28
Issue date:             2003 November 06
Cross reference:        sr875660 fz527514 erg712258 sr886043 fz528422 erg712464 
sr886994 fz528484 erg712486 sr886997 fz528487 erg712489 sr879164 fz527929 
erg712354 CAN-2003-0192 CAN-2003-0542 CAN-2002-1396 CAN-2003-0166 CAN-2003-0442
______________________________________________________________________________


1. Problem Description

The issues are:

        CAN-2003-0192 Apache 2 before 2.0.47, and certain versions of mod_ssl 
        for  Apache 1.3, do not properly handle "certain sequences of per-
        directory renegotiations and the SSLCipherSuite directive being used to 
        upgrade from a  weak ciphersuite to a strong one," which could cause 
        Apache to use the weak ciphersuite.

        CAN-2003-0542 Apache 2.0.48 addresses two security vulnerabilities, one
        of which is a buffer overflow in mod_alias and mod_rewrite.  A buffer 
        overflow could occur in mod_alias and mod_rewrite when a regular 
        expression with more than 9 captures is configured. 

        CAN-2002-1396 Heap-based buffer overflow in the wordwrap function in PHP
        after 4.1.2 and before 4.3.0 may allow attackers to cause a denial of 
        service or execute arbitrary code.

        CAN-2003-0166 Integer signedness error in emalloc() function for PHP 
        before 4.3.2 allow remote attackers to cause a denial of service (memory
        consumption) and possibly execute arbitrary code via negative arguments
        to functions such as (1) socket_recv, (2) socket_recvfrom, and possibly 
        other functions. 

        CAN-2003-0442 Cross-site scripting(XSS) vulnerability in the transparent
        SID support capability for PHP before 4.3.2 (session.use_trans_sid) 
        allows remote attackers to insert arbitrary script via the PHPSESSID 
        parameter. 


2. Vulnerable Supported Versions

        System                          Binaries
        ----------------------------------------------------------------------
        OpenServer 5.0.7                Apache distribution
        OpenServer 5.0.6                Apache distribution
        OpenServer 5.0.5                Apache distribution

3. Solution

        The proper solution is to install the latest packages.


4. OpenServer 5.0.7

        4.1 First install Maintenance Pack 1    

        ftp://ftp.sco.com/pub/openserver5/507/osr507mp/
        
        4.2 Next install the new gwxlibs-1.3.2Ag

        ftp://ftp.sco.com/pub/updates/OpenServer/CSSA-2003-SCO.29

        4.3 Next install the new perl-5.8.1Ab

        ftp://ftp.sco.com/pub/updates/OpenServer/CSSA-2003-SCO.30

        4.4 Location of Fixed Binaries

        ftp://ftp.sco.com/pub/updates/OpenServer/CSSA-2003-SCO.28


        4.5 Verification

        MD5 (VOL.000.000) = 7f1991a2e20b51f0482a88a3d9cfd199
        MD5 (VOL.000.001) = 046230a639d155e8e977d68d3aa9bfd7
        MD5 (VOL.000.002) = 4813b72228a7796608a27835eafefbf7
        MD5 (VOL.000.003) = 2fd98496393cdae1ad726d9534b5ff4e
        MD5 (VOL.000.004) = c5043af48ab75e70bdf2b836ef0a8195
        MD5 (VOL.000.005) = d1f627721494b2dcf50f4b90acb7d52a
        MD5 (VOL.000.006) = 57ee69d863d14a93b1afa7c3bc81f901
        MD5 (VOL.000.007) = 2066d39463d5d085706e1d1e6388a76a
        MD5 (VOL.000.008) = 77549fb84fac4040d113867f4ee9725b

        md5 is available for download from
                ftp://ftp.sco.com/pub/security/tools


        4.6 Installing Fixed Binaries

        Upgrade the affected binaries with the following sequence:

        1) Download the VOL* files to the /tmp directory

        2) Run the custom command, specify an install from media
        images, and specify the /tmp directory as the location of
        the images.


5. OpenServer 5.0.6 / OpenServer 5.0.5

        5.1 First install OSS646B - Execution Environment Supplement

        ftp://ftp.sco.com/pub/openserver5/oss646b

        5.2 Next install the new gwxlibs-1.3.2Ag

        ftp://ftp.sco.com/pub/updates/OpenServer/CSSA-2003-SCO.29

        5.3 Next install the new perl-5.8.1Ab
        
        ftp://ftp.sco.com/pub/updates/OpenServer/CSSA-2003-SCO.30

        5.4 Location of Fixed Binaries

        ftp://ftp.sco.com/pub/updates/OpenServer/CSSA-2003-SCO.28

        5.5 Verification

        MD5 (VOL.000.000) = 7f1991a2e20b51f0482a88a3d9cfd199
        MD5 (VOL.000.001) = 046230a639d155e8e977d68d3aa9bfd7
        MD5 (VOL.000.002) = 4813b72228a7796608a27835eafefbf7
        MD5 (VOL.000.003) = 2fd98496393cdae1ad726d9534b5ff4e
        MD5 (VOL.000.004) = c5043af48ab75e70bdf2b836ef0a8195
        MD5 (VOL.000.005) = d1f627721494b2dcf50f4b90acb7d52a
        MD5 (VOL.000.006) = 57ee69d863d14a93b1afa7c3bc81f901
        MD5 (VOL.000.007) = 2066d39463d5d085706e1d1e6388a76a
        MD5 (VOL.000.008) = 77549fb84fac4040d113867f4ee9725b

        md5 is available for download from
                ftp://ftp.sco.com/pub/security/tools


        5.6 Installing Fixed Binaries

        Upgrade the affected binaries with the following sequence:

        1) Download the VOL* files to the /tmp directory

        2) Run the custom command, specify an install from media
        images, and specify the /tmp directory as the location of
        the images.

6. References

        Specific references for this advisory:
                http://www.apache.org/dist/httpd/Announcement2.html 
                http://www.securityfocus.com/archive/1/342674
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0192
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0542
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1396
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0166
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0442

        SCO security resources:
                http://www.sco.com/support/security/index.html

        This security fix closes SCO incidents sr875660 fz527514 erg712258 
sr886043 fz528422 erg712464 sr886994 fz528484 erg712486 sr886997 fz528487 
erg712489 sr879164 fz527929 erg712354.


7. Disclaimer

        SCO is not responsible for the misuse of any of the information
        we provide on this website and/or through our security
        advisories. Our advisories are a service to our customers
        intended to promote secure installation and use of SCO
        products.

______________________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (SCO/UNIX_SVR5)

iD8DBQE/qv/AaqoBO7ipriERAoMjAJ0eve/LJKnOKjek9TsS/OZQ4BJwyACcDN9V
v18c+3vKdYBaOb9Xe9/WgjA=
=MgSi
-----END PGP SIGNATURE-----