-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ______________________________________________________________________________ SCO Security Advisory Subject: OpenServer 5.0.6 OpenServer 5.0.7 : MMDF Various buffer overflows and other security issues Advisory number: SCOSA-2004.7 Issue date: 2004 July 14 Cross reference: sr884728 fz528322 erg712434 CAN-2004-0510 CAN-2004-0511 CAN-2004-0512 ______________________________________________________________________________ 1. Problem Description Deprotect discovered a buffer overflow in execmail. After reviewing our code we determined the whole MMDF package needed a security audit. Various buffer overflows and other security issues that affect all MMDF binaries have been corrected. All but one of the MMDF binaries that were setuid root are no longer setuid. Additional changes in this version of MMDF are documented at ftp://ftp.sco.com/pub/openserver5/507/mp/mp3/osr507mp3.html#rn507mp_mmdf and in the updated man pages which are included in SCOSA-2004.7 The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned MMDF buffer overflows the name CAN-2004-0510. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned MMDF null dereferences the name CAN-2004-0511. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned MMDF core dumps the name CAN-2004-0512. 2. Vulnerable Supported Versions System Binaries ---------------------------------------------------------------------- OpenServer 5.0.6 MMDF Distribution OpenServer 5.0.7 MMDF Distribution 3. Solution The proper solution is to install the latest packages. 4. OpenServer 5.0.7 4.1 Location of Fixed Binaries ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.7 The fixes are also available in SCO OpenServer Release 5.0.7 Maintenance Pack 3 or later. See http://www.sco.com/support/update/download/osr507list.html. 5. OpenServer 5.0.6 5.1 Location of Fixed Binaries ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.7 5.2 Verification MD5 (VOL.000.000) = 7d079342022ff408e479184fab3ee86b md5 is available for download from ftp://ftp.sco.com/pub/security/tools 5.3 Installing Fixed Binaries Upgrade the affected binaries with the following sequence: 1) Download the VOL* files to a directory 2) Run the custom command, specify an install from media images, and specify the download directory as the location of the images. 6. References Specific references for this advisory: http://www.deprotect.com/advisories/DEPROTECT-20040206.txt SCO security resources: http://www.sco.com/support/security/index.html SCO security advisories via email http://www.sco.com/support/forums/security.html This security fix closes SCO incidents sr884728 fz528322 erg712434. 7. Disclaimer SCO is not responsible for the misuse of any of the information we provide on this website and/or through our security advisories. Our advisories are a service to our customers intended to promote secure installation and use of SCO products. 8. Acknowledgments SCO would like to thank Deprotect which describes itself as "a Swedish based security company divided into four divisions; Managed Security Services, Security Services, Products and Development and our Security Academy." ______________________________________________________________________________ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (SCO/UNIX_SVR5) iD8DBQFA/BA7aqoBO7ipriERAlNkAJ4wc5INlU2E1vS0FvfHIBZBWVZncgCgguCU 5eD+BJzK6BCNVJAbF1y1Jic= =yfK9 -----END PGP SIGNATURE-----