what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

SCOX.txt

SCOX.txt
Posted Oct 16, 2003
Site sco.com

SCO Security Advisory - SCO OpenServer 5.0.5, 5.0.6, and 5.0.7 has had multiple vulnerabilities discovered in Xsco. One matches the command line parameter -co hole discovered in Xsun and another allows any local user with X access to gain read/write access to a shared memory segment.

tags | advisory, local, vulnerability
advisories | CVE-2002-0158, CVE-2002-0164
SHA-256 | ea73d1607ecb515aa8682e89e65246b5b258aa25a485244028e85ae2567906ae

SCOX.txt

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



______________________________________________________________________________

SCO Security Advisory

Subject: OpenServer 5.0.7 OpenServer 5.0.6 OpenServer 5.0.5 : Multiple security vulnerabilities in Xsco
Advisory number: CSSA-2003-SCO.26
Issue date: 2003 October 10
Cross reference: sr862609 fz520528 erg712006 sr860995 fz520242 erg711972 CAN-2002-0158 CAN-2002-0164
______________________________________________________________________________


1. Problem Description

This supplement corrects two unrelated security problems in the
SCO OpenServer "Xsco" X11 server.

First,

NSFOCUS Security Team has found a buffer overflow vulnerability
in Xsun shipped with Solaris system when processing a
command line parameter "-co", which could enable a local
attacker to run arbitrary code with root user/root group
privilege.

Kevin Finisterre of Snosoft.com discovered that Xsco was also
vulnerable.

The Common Vulnerabilities and Exposures (CVE) project has assigned
the name CAN-2002-0158 to this issue. This is a candidate for
inclusion in the CVE list (http://cve.mitre.org), which standardizes
names for security problems. Candidates may change significantly
before they become official CVE entries.

Second,

Roberto Zunino discovered a vulnerability in the MIT-SHM extension in
all X servers that are running as root.

Any user with local X access can exploit the MIT-SHM extension and gain
read/write access to any shared memory segment on the system.

The Common Vulnerabilities and Exposures (CVE) project has assigned
the name CAN-2002-0164 to this issue. This is a candidate for
inclusion in the CVE list (http://cve.mitre.org), which standardizes
names for security problems. Candidates may change significantly
before they become official CVE entries.


2. Vulnerable Supported Versions

System Binaries
----------------------------------------------------------------------
OpenServer 5.0.7 /usr/bin/X11/Xsco
OpenServer 5.0.6 /usr/bin/X11/Xsco
OpenServer 5.0.5 /usr/bin/X11/Xsco


3. Solution

The proper solution is to install the latest packages.


4. OpenServer 5.0.7, OpenServer 5.0.6, OpenServer 5.0.5

4.1 Location of Fixed Binaries

ftp://ftp.sco.com/pub/updates/OpenServer/CSSA-2003-SCO.26


4.2 Verification

MD5 (VOL.000.000) = e7cbf7a8094ba43d44a6657a95673aeb
MD5 (VOL.001.000) = 2eca28ac86436cec5fa7f059ab2fe850

md5 is available for download from
ftp://ftp.sco.com/pub/security/tools


4.3 Installing Fixed Binaries

Upgrade the affected binaries with the following sequence:

1) Download the VOL* files to the /tmp directory

2) Run the custom command, specify an install from media
images, and specify the /tmp directory as the location of
the images.


5. References

Specific references for this advisory:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0158
http://marc.theaimsgroup.com/?l=bugtraq&m=101776858410652&w=2
http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0000.html
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0164
http://marc.theaimsgroup.com/?l=bugtraq&m=103547625009363&w=2
http://xforce.iss.net/xforce/xfdb/8706
http://www.securityfocus.com/bid/4396
http://www.linuxsecurity.com/advisories/caldera_advisory-2006.html
ftp://stage.caldera.com/pub/security/openunix/CSSA-2002-SCO.14/CSSA-2002-SCO.14.txt
SCO security resources:

http://www.sco.com/support/security/index.html

This security fix closes SCO incidents sr862609 fz520528
erg712006 sr860995 fz520242 erg711972


6. Disclaimer

SCO is not responsible for the misuse of any of the information
we provide on this website and/or through our security
advisories. Our advisories are a service to our customers
intended to promote secure installation and use of SCO
products.

7. Acknowledgments

SCO would like to thank the NSFOCUS Security Team for finding
the "-co" vulnerability, and Kevin Finisterre of Snosoft.com for
confirming its applicability to Xsco. SCO would also like to
thank Roberto Zunino for discovering the MIT-SHM vulnerability.

______________________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (SCO/UNIX_SVR5)

iD8DBQE/jfZSaqoBO7ipriERAjSbAJkBWpJMSXcQwLFnTTRgVa5vaEXGEgCfeSKa
yS0vg5xrMpoBo3zWeqgpsNQ=
=Abuh
-----END PGP SIGNATURE-----

----- End forwarded message -----
Login or Register to add favorites

File Archive:

December 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    0 Files
  • 2
    Dec 2nd
    41 Files
  • 3
    Dec 3rd
    25 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close