SCOSA-2005.21.txt

SCOSA-2005.21.txt: Posted Apr 18, 2005; Site sco.com; SCO Security Advisory - Buffer overflow in the slc_add_reply function in various BSD-based Telnet clients, when handling LINEMODE suboptions, allows remote attackers to execute arbitrary code via a reply with a large number of Set Local Character (SLC) commands.; tags | advisory, remote, overflow, arbitrary, local; systems | bsd; advisories | CVE-2005-0469, CVE-2005-0468; SHA-256 | 47e004e77d661de8734283de6bd87cbb7957bfb833df1fdc601dad8e564ad138; Download | Favorite | View

SCOSA-2005.21.txt


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


______________________________________________________________________________

      SCO Security Advisory

Subject:    UnixWare 7.1.4 UnixWare 7.1.3 UnixWare 7.1.1 : telnet client multiple issues
Advisory number:   SCOSA-2005.21
Issue date:     2005 April 08
Cross reference:  sr893210 fz531446 erg712801 CAN-2005-0469 CAN-2005-0468
______________________________________________________________________________


1. Problem Description

  Buffer overflow in the slc_add_reply function in various
  BSD-based Telnet clients, when handling LINEMODE suboptions,
  allows remote attackers to execute arbitrary code via a
  reply with a large number of Set Local Character (SLC)
  commands. 

  The Common Vulnerabilities and Exposures project (cve.mitre.org) 
  has assigned the name CAN-2005-0469 to this issue. 

  Heap-based buffer overflow in the env_opt_add function
  in telnet.c for various BSD-based Telnet clients allows
  remote attackers to execute arbitrary code via responses
  that contain a large number of characters that require
  escaping, which consumers more memory than allocated. 
  
  The Common Vulnerabilities and Exposures project (cve.mitre.org)
  has assigned the name CAN-2005-0468 to this issue.


2. Vulnerable Supported Versions

  System        Binaries
  ----------------------------------------------------------------------
  UnixWare 7.1.4       /usr/bin/telnet
  UnixWare 7.1.3       /usr/bin/telnet
  UnixWare 7.1.1       /usr/bin/telnet


3. Solution

  The proper solution is to install the latest packages.


4. UnixWare 7.1.4

  4.1 Location of Fixed Binaries

  ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.21

  4.2 Verification

  MD5 (erg712801.714.pkg.Z) = bf53673ea12a1c25e3606a5b879adbc4

  md5 is available for download from
    ftp://ftp.sco.com/pub/security/tools

  4.3 Installing Fixed Binaries

  Upgrade the affected binaries with the following sequence:

  Download erg712801.714.pkg.Z to the /var/spool/pkg directory

  # uncompress /var/spool/pkg/erg712801.714.pkg.Z
  # pkgadd -d /var/spool/pkg/erg712801.714.pkg


5. UnixWare 7.1.3

  5.1 Location of Fixed Binaries

  ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.21

  5.2 Verification

  MD5 (erg712801.713.pkg.Z) = e876b261afbecb41c18c26d6ec11e71d

  md5 is available for download from
    ftp://ftp.sco.com/pub/security/tools

  5.3 Installing Fixed Binaries

  Upgrade the affected binaries with the following sequence:

  Download erg712801.713.pkg.Z to the /var/spool/pkg directory

  # uncompress /var/spool/pkg/erg712801.713.pkg.Z
  # pkgadd -d /var/spool/pkg/erg712801.713.pkg


6. UnixWare 7.1.1

  6.1 Location of Fixed Binaries

  ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.21

  6.2 Verification

  MD5 (erg712801.711.pkg.Z) = f3099416a793c1f731bc7e377fe0e4a2

  md5 is available for download from
    ftp://ftp.sco.com/pub/security/tools

  6.3 Installing Fixed Binaries

  Upgrade the affected binaries with the following sequence:

  Download erg712801.711.pkg.Z to the /var/spool/pkg directory

  # uncompress /var/spool/pkg/erg712801.711.pkg.Z
  # pkgadd -d /var/spool/pkg/erg712801.711.pkg


7. References

  Specific references for this advisory:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0468 
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0469 
    http://www.idefense.com/application/poi/display?id=221&type=vulnerabilities 
    http://www.idefense.com/application/poi/display?id=220&type=vulnerabilities

  SCO security resources:
    http://www.sco.com/support/security/index.html

  SCO security advisories via email
    http://www.sco.com/support/forums/security.html

  This security fix closes SCO incidents sr893210 fz531446
  erg712801.


8. Disclaimer

  SCO is not responsible for the misuse of any of the information
  we provide on this website and/or through our security
  advisories. Our advisories are a service to our customers
  intended to promote secure installation and use of SCO
  products.


9. Acknowledgments

  SCO would like to thank Gal Delalleau and iDEFENSE

______________________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (SCO/SYSV)

iD8DBQFCVtn4aqoBO7ipriERAkZbAJ9qiuR3M89tJWzyJ3K7Q5NbBRTvMgCfdeFY
JmJIo8zz/ppyCI4EQ5UY9jA=
=8sOq
-----END PGP SIGNATURE-----

Top Authors In Last 30 Days

Red Hat 210 files
Ubuntu 87 files
Gentoo 31 files
Debian 21 files
tmrswrr 10 files
Sina Kheirkhah 7 files
Rodolfo Tavares 4 files
bRpsd 4 files
Google Security Research 3 files
Jann Horn 3 files

File Archives

Systems

AIX (429)
Apple (2,090)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,078)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,531)
HPUX (880)
iOS (376)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,350)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,266)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,658)
UNIX (9,425)
UnixWare (187)
Windows (6,666)
Other

SCOSA-2005.21.txt

SCOSA-2005.21.txt

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

SCOSA-2005.21.txt

Share This

SCOSA-2005.21.txt

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems