<<< Date Index >>>     <<< Thread Index >>>

UnixWare 7.1.4 UnixWare 7.1.3 UnixWare 7.1.1 : CDE dtlogin unspecified double free



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



______________________________________________________________________________

                        SCO Security Advisory

Subject:                UnixWare 7.1.4 UnixWare 7.1.3 UnixWare 7.1.1 : CDE 
dtlogin unspecified double free
Advisory number:        SCOSA-2005.18
Issue date:             2005 April 7
Cross reference:        sr890079 fz529303 erg712592 CAN-2004-0368 CERT VU#179804
______________________________________________________________________________


1. Problem Description

        The Common Desktop Environment (CDE) dtlogin utility is
        used to log into a CDE session. The CDE dtlogin utility has
        a double-free vulnerability in the X Display Manager Control
        Protocol (XDMCP). By sending a specially-crafted XDMCP
        packet to a vulnerable system, a remote attacker could
        obtain sensitive information, cause a denial of service or
        execute arbitrary code on the system. 

        CERT Vulnerability Note VU#179804, Common Desktop Environment 
        (CDE) dtlogin improperly deallocates memory at 
        http://www.kb.cert.org/vuls/id/179804. 

        The Common Vulnerabilities and Exposures project (cve.mitre.org) 
        has assigned the name CAN-2004-0368 to this issue.


2. Vulnerable Supported Versions

        System                          Binaries
        ----------------------------------------------------------------------
        UnixWare 7.1.4                  /usr/dt/bin/dtgreet
                                        /usr/dt/bin/dtlogin
                                        /usr/dt/lib/libDtLogin.so.1

        UnixWare 7.1.3                  /usr/dt/bin/dtgreet
                                        /usr/dt/bin/dtlogin
                                        /usr/dt/lib/libDtLogin.so.1

        UnixWare 7.1.1                  See Maintenance Pack 5 notes
                                
                        
3. Solution

        The proper solution is to install the latest packages.

4. UnixWare 7.1.4

        4.1 Location of Fixed Binaries

        ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.18

        4.2 Verification

        MD5 (erg712592.pkg.Z) = d3714b22a624db25740f5539c063d407

        md5 is available for download from
                ftp://ftp.sco.com/pub/security/tools


        4.3 Installing Fixed Binaries

        Upgrade the affected binaries with the following sequence:

        Download erg712592.pkg.Z to the /var/spool/pkg directory

        # uncompress /var/spool/pkg/erg712592.pkg.Z
        # pkgadd -d /var/spool/pkg/erg712592.pkg


5. UnixWare 7.1.3

        5.1 Location of Fixed Binaries

        ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.18


        5.2 Verification

        MD5 (erg712592.713.pkg.Z) = fc8d0c4f0ebdcf65504d1b4985c7ba52

        md5 is available for download from
                ftp://ftp.sco.com/pub/security/tools


        5.3 Installing Fixed Binaries

        Upgrade the affected binaries with the following sequence:

        Download erg712592.713.pkg.Z to the /var/spool/pkg directory

        # uncompress /var/spool/pkg/erg712592.713.pkg.Z
        # pkgadd -d /var/spool/pkg/erg712592.713.pkg


6. UnixWare 7.1.1 uw711mp5

        6.1 Location of Fixed Binaries

        The fixes are available in SCO UnixWare Release 7.1.1
        Maintenance Pack 5 or later.  See

        ftp://ftp.sco.com/pub/unixware7/uw711pk/uw711mp5.txt
        and
        ftp://ftp.sco.com/pub/unixware7/uw711pk/uw711mp5_errata.txt

        6.2 Verification

        MD5 (uw711mp5.cpio.Z) = 50bd66b7d57b2025da9dca4010d0ab1a

        md5 is available for download from
                ftp://ftp.sco.com/pub/security/tools

        6.3 Installing Fixed Binaries

        See uw711mp5.txt and uw711mp5_errata.txt for install instructions.


7. References

        Specific references for this advisory:
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0368

        SCO security resources:
                http://www.sco.com/support/security/index.html

        SCO security advisories via email
                http://www.sco.com/support/forums/security.html

        This security fix closes SCO incidents sr890079 fz529303
        erg712592.


8. Disclaimer

        SCO is not responsible for the misuse of any of the information
        we provide on this website and/or through our security
        advisories. Our advisories are a service to our customers
        intended to promote secure installation and use of SCO
        products.


9. Acknowledgments

        SCO would like to thank Dave Aitel

______________________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (SCO/SYSV)

iD8DBQFCVYa9aqoBO7ipriERAiKPAJ9tygBRSAMRNqWS2jRKE5PWyJF4+gCff8Em
Hvk5XLjwEg89hCPj96JJ1MM=
=dRsT
-----END PGP SIGNATURE-----