UnixWare 7.1.4 UnixWare 7.1.3 UnixWare 7.1.1 : telnet client multiple issues

To: security-announce@xxxxxxxxxxxx, bugtraq@xxxxxxxxxxxxxxxxx, full-disclosure@xxxxxxxxxxxxxxxx
Subject: UnixWare 7.1.4 UnixWare 7.1.3 UnixWare 7.1.1 : telnet client multiple issues
From: please_reply_to_security@xxxxxxx
Date: Fri, 8 Apr 2005 12:40:27 -0700
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
Reply-to: please_reply_to_security@xxxxxxx
User-agent: Mutt/1.2.5i

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


______________________________________________________________________________

                        SCO Security Advisory

Subject:                UnixWare 7.1.4 UnixWare 7.1.3 UnixWare 7.1.1 : telnet 
client multiple issues
Advisory number:        SCOSA-2005.21
Issue date:             2005 April 08
Cross reference:        sr893210 fz531446 erg712801 CAN-2005-0469 CAN-2005-0468
______________________________________________________________________________


1. Problem Description

        Buffer overflow in the slc_add_reply function in various
        BSD-based Telnet clients, when handling LINEMODE suboptions,
        allows remote attackers to execute arbitrary code via a
        reply with a large number of Set Local Character (SLC)
        commands. 

        The Common Vulnerabilities and Exposures project (cve.mitre.org) 
        has assigned the name CAN-2005-0469 to this issue. 

        Heap-based buffer overflow in the env_opt_add function
        in telnet.c for various BSD-based Telnet clients allows
        remote attackers to execute arbitrary code via responses
        that contain a large number of characters that require
        escaping, which consumers more memory than allocated. 
        
        The Common Vulnerabilities and Exposures project (cve.mitre.org)
        has assigned the name CAN-2005-0468 to this issue.


2. Vulnerable Supported Versions

        System                          Binaries
        ----------------------------------------------------------------------
        UnixWare 7.1.4                  /usr/bin/telnet
        UnixWare 7.1.3                  /usr/bin/telnet
        UnixWare 7.1.1                  /usr/bin/telnet


3. Solution

        The proper solution is to install the latest packages.


4. UnixWare 7.1.4

        4.1 Location of Fixed Binaries

        ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.21

        4.2 Verification

        MD5 (erg712801.714.pkg.Z) = bf53673ea12a1c25e3606a5b879adbc4

        md5 is available for download from
                ftp://ftp.sco.com/pub/security/tools

        4.3 Installing Fixed Binaries

        Upgrade the affected binaries with the following sequence:

        Download erg712801.714.pkg.Z to the /var/spool/pkg directory

        # uncompress /var/spool/pkg/erg712801.714.pkg.Z
        # pkgadd -d /var/spool/pkg/erg712801.714.pkg


5. UnixWare 7.1.3

        5.1 Location of Fixed Binaries

        ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.21

        5.2 Verification

        MD5 (erg712801.713.pkg.Z) = e876b261afbecb41c18c26d6ec11e71d

        md5 is available for download from
                ftp://ftp.sco.com/pub/security/tools

        5.3 Installing Fixed Binaries

        Upgrade the affected binaries with the following sequence:

        Download erg712801.713.pkg.Z to the /var/spool/pkg directory

        # uncompress /var/spool/pkg/erg712801.713.pkg.Z
        # pkgadd -d /var/spool/pkg/erg712801.713.pkg


6. UnixWare 7.1.1

        6.1 Location of Fixed Binaries

        ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.21

        6.2 Verification

        MD5 (erg712801.711.pkg.Z) = f3099416a793c1f731bc7e377fe0e4a2

        md5 is available for download from
                ftp://ftp.sco.com/pub/security/tools

        6.3 Installing Fixed Binaries

        Upgrade the affected binaries with the following sequence:

        Download erg712801.711.pkg.Z to the /var/spool/pkg directory

        # uncompress /var/spool/pkg/erg712801.711.pkg.Z
        # pkgadd -d /var/spool/pkg/erg712801.711.pkg


7. References

        Specific references for this advisory:
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0468 
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0469 
                
http://www.idefense.com/application/poi/display?id=221&type=vulnerabilities 
                
http://www.idefense.com/application/poi/display?id=220&type=vulnerabilities

        SCO security resources:
                http://www.sco.com/support/security/index.html

        SCO security advisories via email
                http://www.sco.com/support/forums/security.html

        This security fix closes SCO incidents sr893210 fz531446
        erg712801.


8. Disclaimer

        SCO is not responsible for the misuse of any of the information
        we provide on this website and/or through our security
        advisories. Our advisories are a service to our customers
        intended to promote secure installation and use of SCO
        products.


9. Acknowledgments

        SCO would like to thank Gal Delalleau and iDEFENSE

______________________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (SCO/SYSV)

iD8DBQFCVtn4aqoBO7ipriERAkZbAJ9qiuR3M89tJWzyJ3K7Q5NbBRTvMgCfdeFY
JmJIo8zz/ppyCI4EQ5UY9jA=
=8sOq
-----END PGP SIGNATURE-----

Prev by Date: How to Report a Security Vulnerability to Microsoft
Next by Date: [USN-110-1] Linux kernel vulnerabilities
Previous by thread: How to Report a Security Vulnerability to Microsoft
Next by thread: [USN-110-1] Linux kernel vulnerabilities
Index(es):
- Date
- Thread