ColdFusion 6.1 Updater 1 creates a directory named /WEB-INF/cfclasses, and places compiled Java .class files there. These files can be downloaded by the end user. It is possible to decompile .class files, meaning that this basically provides access to sourcecode.
d7b1b3c859d12c04a0f3ca16ffb18db9f291e9677461b7c104d32ba9e93f52e3
r Security Academy."
______________________________________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (SCO/SYSV)
iD8DBQFCVZAoaqoBO7ipriERAmnRAJ9PsrKYTpWDsGM9uk+3hFRWBtoiBgCfbd70
TP1LFtZvO16TnqYIesRLAb0=
=TGHH
-----END PGP SIGNATURE-----
From bugtraq-return-19104-bugtraq=packetstormsecurity.org@securityfocus.com Thu Apr 07 20:25:09 2005
Return-Path: <bugtraq-return-19104-bugtraq=packetstormsecurity.org@securityfocus.com>
Delivered-To: bugtraq@packetstormsecurity.org
Received: (qmail 796 invoked from network); 7 Apr 2005 20:25:09 -0000
Received: from outgoing.securityfocus.com (205.206.231.26)
by packetstormsecurity.org with SMTP; 7 Apr 2005 20:25:09 -0000
Received: from outgoing.securityfocus.com by outgoing.securityfocus.com
via smtpd (for [212.130.50.194] [212.130.50.194]) with ESMTP; Thu, 7 Apr 2005 13:25:09 -0700
Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20])
by outgoing2.securityfocus.com (Postfix) with QMQP
id 580AE144B30; Thu, 7 Apr 2005 13:37:55 -0600 (MDT)
Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm
Precedence: bulk
List-Id: <bugtraq.list-id.securityfocus.com>
List-Post: <mailto:bugtraq@securityfocus.com>
List-Help: <mailto:bugtraq-help@securityfocus.com>
List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
Delivered-To: mailing list bugtraq@securityfocus.com
Delivered-To: moderator for bugtraq@securityfocus.com
Received: (qmail 12504 invoked from network); 7 Apr 2005 12:17:29 -0000
To: security-announce@list.sco.com, bugtraq@securityfocus.com,
full-disclosure@lists.netsys.com
From: please_reply_to_security@sco.com
Reply-To: please_reply_to_security@sco.com
Subject: UnixWare 7.1.4 UnixWare 7.1.3 UnixWare 7.1.1 : CDE dtlogin unspecified double free
Date: Thu, 7 Apr 2005 12:44:04 -0700
Message-ID: <20050407124404.A1735@caldera.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
Status: O
Content-Length: 4125
Lines: 163
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
SCO Security Advisory
Subject: UnixWare 7.1.4 UnixWare 7.1.3 UnixWare 7.1.1 : CDE dtlogin unspecified double free
Advisory number: SCOSA-2005.18
Issue date: 2005 April 7
Cross reference: sr890079 fz529303 erg712592 CAN-2004-0368 CERT VU#179804
______________________________________________________________________________
1. Problem Description
The Common Desktop Environment (CDE) dtlogin utility is
used to log into a CDE session. The CDE dtlogin utility has
a double-free vulnerability in the X Display Manager Control
Protocol (XDMCP). By sending a specially-crafted XDMCP
packet to a vulnerable system, a remote attacker could
obtain sensitive information, cause a denial of service or
execute arbitrary code on the system.
CERT Vulnerability Note VU#179804, Common Desktop Environment
(CDE) dtlogin improperly deallocates memory at
http://www.kb.cert.org/vuls/id/179804.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CAN-2004-0368 to this issue.
2. Vulnerable Supported Versions
System Binaries
----------------------------------------------------------------------
UnixWare 7.1.4 /usr/dt/bin/dtgreet
/usr/dt/bin/dtlogin
/usr/dt/lib/libDtLogin.so.1
UnixWare 7.1.3 /usr/dt/bin/dtgreet
/usr/dt/bin/dtlogin
/usr/dt/lib/libDtLogin.so.1
UnixWare 7.1.1 See Maintenance Pack 5 notes
3. Solution
The proper solution is to install the latest packages.
4. UnixWare 7.1.4
4.1 Location of Fixed Binaries
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.18
4.2 Verification
MD5 (erg712592.pkg.Z) = d3714b22a624db25740f5539c063d407
md5 is available for download from
ftp://ftp.sco.com/pub/security/tools
4.3 Installing Fixed Binaries
Upgrade the affected binaries with the following sequence:
Download erg712592.pkg.Z to the /var/spool/pkg directory
# uncompress /var/spool/pkg/erg712592.pkg.Z
# pkgadd -d /var/spool/pkg/erg712592.pkg
5. UnixWare 7.1.3
5.1 Location of Fixed Binaries
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.18
5.2 Verification
MD5 (erg712592.713.pkg.Z) = fc8d0c4f0ebdcf65504d1b4985c7ba52
md5 is available for download from
ftp://ftp.sco.com/pub/security/tools
5.3 Installing Fixed Binaries
Upgrade the affected binaries with the following sequence:
Download erg712592.713.pkg.Z to the /var/spool/pkg directory
# uncompress /var/spool/pkg/erg712592.713.pkg.Z
# pkgadd -d /var/spool/pkg/erg712592.713.pkg
6. UnixWare 7.1.1 uw711mp5
6.1 Location of Fixed Binaries
The fixes are available in SCO UnixWare Release 7.1.1
Maintenance Pack 5 or later. See
ftp://ftp.sco.com/pub/unixware7/uw711pk/uw711mp5.txt
and
ftp://ftp.sco.com/pub/unixware7/uw711pk/uw711mp5_errata.txt
6.2 Verification
MD5 (uw711mp5.cpio.Z) = 50bd66b7d57b2025da9dca4010d0ab1a
md5 is available for download from
ftp://ftp.sco.com/pub/security/tools
6.3 Installing Fixed Binaries
See uw711mp5.txt and uw711mp5_errata.txt for install instructions.
7. References
Specific references for this advisory:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0368
SCO security resources:
http://www.sco.com/support/security/index.html
SCO security advisories via email
http://www.sco.com/support/forums/security.html
This security fix closes SCO incidents sr890079 fz529303
erg712592.
8. Disclaimer
SCO is not responsible for the misuse of any of the information
we provide on this website and/or through our security
advisories. Our advisories are a service to our customers
intended to promote secure installation and use of SCO
products.
9. Acknowledgments
SC