UnixWare 7.1.3 Open UNIX 8.0.0 UnixWare 7.1.1 : CDE libDtHelp buffer overflow
To: announce@xxxxxxxxxxxxx bugtraq@xxxxxxxxxxxxxxxxx
full-disclosure@xxxxxxxxxxxxxxxx
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
SCO Security Advisory
Subject: UnixWare 7.1.3 Open UNIX 8.0.0 UnixWare 7.1.1 : CDE
libDtHelp buffer overflow
Advisory number: CSSA-2003-SCO.31
Issue date: 2003 October 31
Cross reference: sr885326 fz528372 erg712445 CAN-2003-083 CERT VU#575804
______________________________________________________________________________
1. Problem Description
The Common Desktop Environment (CDE) is a standard desktop
environment for UNIX based systems. CDE libDTHelp contains
a buffer overflow that can be exploited by a local user
using specially crafted environment variables.
An authenticated local user may be able to execute arbitrary
code with root privileges. There is a possibility that a
user can set the crafted environment variable to gain
elevated privileges during initialization of the dtHelp
application, or applications which link to libtDtHelp.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CAN-2003-0834 to this issue. CERT has
assigned the name VU#575804 to this issue
2. Vulnerable Supported Versions
System Binaries
----------------------------------------------------------------------
UnixWare 7.1.3 /usr/dt/lib/libDtHelp.so.1
Open UNIX 8.0.0 /usr/dt/lib/libDtHelp.so.1
UnixWare 7.1.1 /usr/dt/lib/libDtHelp.so.1
3. Solution
The proper solution is to install the latest packages.
4. UnixWare 7.1.3 / Open UNIX 8.0.0 / UnixWare 7.1.1
4.1 Location of Fixed Binaries
ftp://ftp.sco.com/pub/updates/UnixWare/CSSA-2003-SCO.31
4.2 Verification
MD5 (erg712445.pkg.Z) = ecd4aaba3c6d0f7a22b7d2812fc9a174
md5 is available for download from
ftp://ftp.sco.com/pub/security/tools
4.3 Installing Fixed Binaries
Upgrade the affected binaries with the following sequence:
Download erg712445.pkg.Z to the /var/spool/pkg directory
# uncompress /var/spool/pkg/erg712445.pkg.Z
# pkgadd -d /var/spool/pkg/erg712445.pkg
5. References
Specific references for this advisory:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0834
http://www.kb.cert.org/vuls/id/575804
SCO security resources:
http://www.sco.com/support/security/index.html
This security fix closes SCO incidents sr885326 fz528372
erg712445.
6. Disclaimer
SCO is not responsible for the misuse of any of the information
we provide on this website and/or through our security
advisories. Our advisories are a service to our customers
intended to promote secure installation and use of SCO
products.
7. Acknowledgments
SCO would like to thank Kevin Kotas from Computer Associates
Intl. eTrust eVM
______________________________________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (SCO/UNIX_SVR5)
iD8DBQE/pwZJaqoBO7ipriERAjH3AJ4mYxEOeObr+UMsJBYv0SN1GOI8fgCfZYCp
MdtzcKQfYCslwCLHodM3sdA=
=N1HZ
-----END PGP SIGNATURE-----