<<< Date Index >>>     <<< Thread Index >>>

OpenLinux: Integer overflow may allow local users to cause a denial of service or possibly execute arbitrary code



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


______________________________________________________________________________

                        SCO Security Advisory

Subject:                OpenLinux: Integer overflow may allow local users to 
cause a denial of service or possibly execute arbitrary code
Advisory number:        CSSA-2004-006.0
Issue date:             2004 March 01
Cross reference:        sr886799 fz528469 erg712481 CAN-2003-0854 CAN-2003-0853
______________________________________________________________________________


1. Problem Description

        The Common Vulnerabilities and Exposures project (cve.mitre.org)
        has assigned the following names to these issues: 

        CAN-2003-0854   ls in the fileutils or coreutils packages allows 
        local users to consume a large amount of memory via a large -w 
        value, which can be remotely exploited via applications that use 
        ls, such as wu-ftpd. 

        CAN-2003-0853 An integer overflow in ls in the fileutils or 
        coreutils packages may allow local users to cause a denial of 
        service or execute arbitrary code via a large -w value, which 
        could be remotely exploited via applications that use ls, such 
        as wu-ftpd.


2. Vulnerable Supported Versions

        System                          Package
        ----------------------------------------------------------------------
        OpenLinux 3.1.1 Server          prior to fileutils-4.1-6.i386.rpm
        OpenLinux 3.1.1 Workstation     prior to fileutils-4.1-6.i386.rpm


3. Solution

        The proper solution is to install the latest packages. Many
        customers find it easier to use the Caldera System Updater, called
        cupdate (or kcupdate under the KDE environment), to update these
        packages rather than downloading and installing them by hand.


4. OpenLinux 3.1.1 Server

        4.1 Package Location

        
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2004-006.0/RPMS

        4.2 Packages

        ac55e0177cfef608523de3aafbe245a3        fileutils-4.1-6.i386.rpm

        4.3 Installation

        rpm -Fvh fileutils-4.1-6.i386.rpm

        4.4 Source Package Location

        
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2004-006.0/SRPMS

        4.5 Source Packages

        e558c5ef3465c06fad85ec4c880a5d04        fileutils-4.1-6.src.rpm


5. OpenLinux 3.1.1 Workstation

        5.1 Package Location

        
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2004-006.0/RPMS

        5.2 Packages

        7cc40a37a1326b93a1da82737dc37483        fileutils-4.1-6.i386.rpm

        5.3 Installation

        rpm -Fvh fileutils-4.1-6.i386.rpm

        5.4 Source Package Location

        
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2004-006.0/SRPMS

        5.5 Source Packages

        d04bac53f3bf74e53d96061e201f36b0        fileutils-4.1-6.src.rpm


6. References

        Specific references for this advisory:
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0854
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0853
                
http://lists.netsys.com/pipermail/full-disclosure/2003-October/012548.html
                http://www.guninski.com/binls.html


        SCO security resources:
                http://www.sco.com/support/security/index.html

        This security fix closes SCO incidents sr886799 fz528469
        erg712481.


7. Disclaimer

        SCO is not responsible for the misuse of any of the information
        we provide on this website and/or through our security
        advisories. Our advisories are a service to our customers intended
        to promote secure installation and use of SCO products.


8. Acknowledgements

        SCO would like to thank Georgi Guninski

______________________________________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (SCO/UNIX_SVR5)

iD8DBQFAQ+7VbluZssSXDTERAqOHAKCRadNVYuIr3Vd1Er0Gg/IYmfMtEQCgr/r4
1jpuK7rG81dBvWb7bm5lEAI=
=0S/W
-----END PGP SIGNATURE-----