exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

SCOSA-2004.2.txt

SCOSA-2004.2.txt
Posted Aug 5, 2004
Site sco.com

SCO Security Advisory - A buffer overflow in ReadFontAlias from dirfile.c of Xsco may allow local users and remote attackers to execute arbitrary code via a font alias file with a long token. Another buffer overflow in the ReadFontAlias function in Xsco, when using the CopyISOLatin1Lowered function, may allow local or remote authenticated users to execute arbitrary code via a malformed entry in the font alias file.

tags | advisory, remote, overflow, arbitrary, local
advisories | CVE-2004-0083, CVE-2004-0084, CVE-2004-0106
SHA-256 | 4ee7da723ca7e03578f3c56edfc012de2a498633281d713c9c76de8fb7961a4e

SCOSA-2004.2.txt

Change Mirror Download

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


______________________________________________________________________________

SCO Security Advisory

Subject: UnixWare 7.1.3 Open UNIX 8.0.0 : Xsco contains a buffer overflow that could be exploited to gain root privileges.
Advisory number: SCOSA-2004.2
Issue date: 2004 July 29
Cross reference: sr889370 fz528865 erg712546 CAN-2004-0083 CAN-2004-0084 CAN-2004-0106
______________________________________________________________________________


1. Problem Description

A buffer overflow in ReadFontAlias from dirfile.c of Xsco
may allow local users and remote attackers to execute
arbitrary code via a font alias file with a long token.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CAN-2004-0083 to this issue.

Buffer overflow in the ReadFontAlias function in Xsco,
when using the CopyISOLatin1Lowered function, may allow
local or remote authenticated users to execute arbitrary
code via a malformed entry in the font alias file.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CAN-2004-0084 to this issue.

Multiple flaws in reading font files.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CAN-2004-0106 to these issues.


2. Vulnerable Supported Versions

System Binaries
----------------------------------------------------------------------
UnixWare 7.1.3 /usr/X/bin/Xsco
Open UNIX 8.0.0 /usr/X/bin/Xsco

3. Solution

The proper solution is to install the latest packages.


4. UnixWare 7.1.3 / Open UNIX 8.0.0

4.1 Location of Fixed Binaries

ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2004.2

4.2 Verification

MD5 (erg712546.pkg.Z) = a7ca45fddc3990268e2779a16601b323

md5 is available for download from
ftp://ftp.sco.com/pub/security/tools

4.3 Installing Fixed Binaries

Upgrade the affected binaries with the following sequence:

Download erg712546.pkg.Z to the /var/spool/pkg directory

# uncompress /var/spool/pkg/erg712546.pkg.Z
# pkgadd -d /var/spool/pkg/erg712546.pkg

5. References

Specific references for this advisory:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0083
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0084
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0106

SCO security resources:
http://www.sco.com/support/security/index.html

SCO security advisories via email:
http://www.sco.com/support/forums/security.html

This security fix closes SCO incidents sr889370 fz528865
erg712546.


6. Disclaimer

SCO is not responsible for the misuse of any of the information
we provide on this website and/or through our security
advisories. Our advisories are a service to our customers
intended to promote secure installation and use of SCO
products.


7. Acknowledgments

Greg MacManus (iDEFENSE Labs) is credited with the discovery
of this vulnerability. Additionally David Dawes discovered
further flaws in reading font files.

______________________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (SCO/UNIX_SVR5)

iD8DBQFBCqGxaqoBO7ipriERAkoyAJ91gL8wb8JakO+PD8UAu5ud2P/zbACgllGF
CROJ3rJtJ5iFKT7lahBbwcQ=
=OdyX
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close