OpenServer 5.0.7 OpenServer 5.0.6 OpenServer 5.0.5 : Various Apache security fixes
To: announce@xxxxxxxxxxxxxxxxx bugtraq@xxxxxxxxxxxxxxxxx
full-disclosure@xxxxxxxxxxxxxxxx
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
SCO Security Advisory
Subject: OpenServer 5.0.7 OpenServer 5.0.6 OpenServer 5.0.5 :
Various Apache security fixes
Advisory number: CSSA-2003-SCO.28
Issue date: 2003 November 06
Cross reference: sr875660 fz527514 erg712258 sr886043 fz528422 erg712464
sr886994 fz528484 erg712486 sr886997 fz528487 erg712489 sr879164 fz527929
erg712354 CAN-2003-0192 CAN-2003-0542 CAN-2002-1396 CAN-2003-0166 CAN-2003-0442
______________________________________________________________________________
1. Problem Description
The issues are:
CAN-2003-0192 Apache 2 before 2.0.47, and certain versions of mod_ssl
for Apache 1.3, do not properly handle "certain sequences of per-
directory renegotiations and the SSLCipherSuite directive being used to
upgrade from a weak ciphersuite to a strong one," which could cause
Apache to use the weak ciphersuite.
CAN-2003-0542 Apache 2.0.48 addresses two security vulnerabilities, one
of which is a buffer overflow in mod_alias and mod_rewrite. A buffer
overflow could occur in mod_alias and mod_rewrite when a regular
expression with more than 9 captures is configured.
CAN-2002-1396 Heap-based buffer overflow in the wordwrap function in PHP
after 4.1.2 and before 4.3.0 may allow attackers to cause a denial of
service or execute arbitrary code.
CAN-2003-0166 Integer signedness error in emalloc() function for PHP
before 4.3.2 allow remote attackers to cause a denial of service (memory
consumption) and possibly execute arbitrary code via negative arguments
to functions such as (1) socket_recv, (2) socket_recvfrom, and possibly
other functions.
CAN-2003-0442 Cross-site scripting(XSS) vulnerability in the transparent
SID support capability for PHP before 4.3.2 (session.use_trans_sid)
allows remote attackers to insert arbitrary script via the PHPSESSID
parameter.
2. Vulnerable Supported Versions
System Binaries
----------------------------------------------------------------------
OpenServer 5.0.7 Apache distribution
OpenServer 5.0.6 Apache distribution
OpenServer 5.0.5 Apache distribution
3. Solution
The proper solution is to install the latest packages.
4. OpenServer 5.0.7
4.1 First install Maintenance Pack 1
ftp://ftp.sco.com/pub/openserver5/507/osr507mp/
4.2 Next install the new gwxlibs-1.3.2Ag
ftp://ftp.sco.com/pub/updates/OpenServer/CSSA-2003-SCO.29
4.3 Next install the new perl-5.8.1Ab
ftp://ftp.sco.com/pub/updates/OpenServer/CSSA-2003-SCO.30
4.4 Location of Fixed Binaries
ftp://ftp.sco.com/pub/updates/OpenServer/CSSA-2003-SCO.28
4.5 Verification
MD5 (VOL.000.000) = 7f1991a2e20b51f0482a88a3d9cfd199
MD5 (VOL.000.001) = 046230a639d155e8e977d68d3aa9bfd7
MD5 (VOL.000.002) = 4813b72228a7796608a27835eafefbf7
MD5 (VOL.000.003) = 2fd98496393cdae1ad726d9534b5ff4e
MD5 (VOL.000.004) = c5043af48ab75e70bdf2b836ef0a8195
MD5 (VOL.000.005) = d1f627721494b2dcf50f4b90acb7d52a
MD5 (VOL.000.006) = 57ee69d863d14a93b1afa7c3bc81f901
MD5 (VOL.000.007) = 2066d39463d5d085706e1d1e6388a76a
MD5 (VOL.000.008) = 77549fb84fac4040d113867f4ee9725b
md5 is available for download from
ftp://ftp.sco.com/pub/security/tools
4.6 Installing Fixed Binaries
Upgrade the affected binaries with the following sequence:
1) Download the VOL* files to the /tmp directory
2) Run the custom command, specify an install from media
images, and specify the /tmp directory as the location of
the images.
5. OpenServer 5.0.6 / OpenServer 5.0.5
5.1 First install OSS646B - Execution Environment Supplement
ftp://ftp.sco.com/pub/openserver5/oss646b
5.2 Next install the new gwxlibs-1.3.2Ag
ftp://ftp.sco.com/pub/updates/OpenServer/CSSA-2003-SCO.29
5.3 Next install the new perl-5.8.1Ab
ftp://ftp.sco.com/pub/updates/OpenServer/CSSA-2003-SCO.30
5.4 Location of Fixed Binaries
ftp://ftp.sco.com/pub/updates/OpenServer/CSSA-2003-SCO.28
5.5 Verification
MD5 (VOL.000.000) = 7f1991a2e20b51f0482a88a3d9cfd199
MD5 (VOL.000.001) = 046230a639d155e8e977d68d3aa9bfd7
MD5 (VOL.000.002) = 4813b72228a7796608a27835eafefbf7
MD5 (VOL.000.003) = 2fd98496393cdae1ad726d9534b5ff4e
MD5 (VOL.000.004) = c5043af48ab75e70bdf2b836ef0a8195
MD5 (VOL.000.005) = d1f627721494b2dcf50f4b90acb7d52a
MD5 (VOL.000.006) = 57ee69d863d14a93b1afa7c3bc81f901
MD5 (VOL.000.007) = 2066d39463d5d085706e1d1e6388a76a
MD5 (VOL.000.008) = 77549fb84fac4040d113867f4ee9725b
md5 is available for download from
ftp://ftp.sco.com/pub/security/tools
5.6 Installing Fixed Binaries
Upgrade the affected binaries with the following sequence:
1) Download the VOL* files to the /tmp directory
2) Run the custom command, specify an install from media
images, and specify the /tmp directory as the location of
the images.
6. References
Specific references for this advisory:
http://www.apache.org/dist/httpd/Announcement2.html
http://www.securityfocus.com/archive/1/342674
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0192
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0542
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1396
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0166
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0442
SCO security resources:
http://www.sco.com/support/security/index.html
This security fix closes SCO incidents sr875660 fz527514 erg712258
sr886043 fz528422 erg712464 sr886994 fz528484 erg712486 sr886997 fz528487
erg712489 sr879164 fz527929 erg712354.
7. Disclaimer
SCO is not responsible for the misuse of any of the information
we provide on this website and/or through our security
advisories. Our advisories are a service to our customers
intended to promote secure installation and use of SCO
products.
______________________________________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (SCO/UNIX_SVR5)
iD8DBQE/qv/AaqoBO7ipriERAoMjAJ0eve/LJKnOKjek9TsS/OZQ4BJwyACcDN9V
v18c+3vKdYBaOb9Xe9/WgjA=
=MgSi
-----END PGP SIGNATURE-----