-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

______________________________________________________________________________

      SCO Security Advisory

Subject:    OpenServer 5.0.6 OpenServer 5.0.7 OpenServer 6.0.0 : Multiple System Libraries Vulnerabilities
Advisory number:   SCOSA-2006.10
Issue date:     2006 March 14
Cross reference:  fz532924 fz532923 fz533164 fz533174 fz533390
      CVE-2005-2491 CVE-2005-3183 CVE-2005-3185
______________________________________________________________________________


1. Problem Description

  PCRE is prone to a heap-overflow vulnerability. This issue
  is due to the library's failure to properly perform boundary
  checks on user-supplied input before copying data to an
  internal memory buffer. The impact of successful exploitation
  of this vulnerability depends on the application and the user
  credentials using the vulnerable library.  A successful attack
  may ultimately permit an attacker to control the contents of
  critical memory control structures and write arbitrary data to
  arbitrary memory locations.  Integer overflow in pcre_compile.c
  in Perl Compatible Regular Expressions (PCRE) before 6.2, as
  used in multiple products such as Python, Ethereal, and PHP,
  allows attackers to execute arbitrary code via quantifier
  values in regular expressions, which leads to a heap-based
  buffer overflow.
  
  W3C Libwww is prone to multiple vulnerabilities. These issues
  include a buffer overflow vulnerability and some issues related
  to the handling of multipart/byteranges content. Libwww
  5.4.0 is reported to be vulnerable.  Other versions may
  be affected as well. These issues may also be exploited
  through other applications that implement the library. The
  HTBoundary_put_block function in HTBound.c for W3C libwww
  (w3c-libwww) allows remote servers to cause a denial of service
  (segmentation fault) via a crafted multipart/byteranges MIME
  message that triggers an out-of-bounds read.
  
  GNU wget and cURL are prone to a buffer overflow vulnerability.
  This issue is due to a failure in the applications to do
  proper bounds checking on user supplied data before using
  it in a memory copy operation.  An attacker can exploit this
  vulnerability to execute arbitrary code in the context of the
  user utilizing the vulnerable application. Exploitation of this
  vulnerability requires that NTLM authentication is enabled
  in the affected clients. Stack-based buffer overflow in the
  ntlm_output function in http-ntlm.c for (1) wget 1.10, (2)
  curl 7.13.2, and (3) libcurl 7.13.2, and other products that
  use libcurl, when NTLM authentication is enabled, allows remote
  servers to execute arbitrary code via a long NTLM username.
  
  The Common Vulnerabilities and Exposures project
  (cve.mitre.org) has assigned the names CVE-2005-2491,
  CVE-2005-3183, and CVE-2005-3185 to these issues.


2. Vulnerable Supported Versions

  System        Binaries
  ----------------------------------------------------------------------
  OpenServer 5.0.6   libpcre, libwww, libcurl libraries in the
        gwxlibs component
  OpenServer 5.0.7   libpcre, libwww, libcurl libraries in the
        gwxlibs component
  OpenServer 6.0.0   libpcre, libwww, libcurl libraries in the
        gwxlibs component


3. Solution

  The proper solution is to install the latest packages.


4. OpenServer 5.0.6

  4.1 Location of Fixed Binaries

  ftp://ftp.sco.com/pub/openserver5/opensrc/gwxlibs-2.1.0Ba/gwxlibs210Ba_vol.tar


  4.2 Verification

  MD5 (gwxlibs210Ba_vol.tar) = 18213632bd0c5ff1e260eac90aae7033

  md5 is available for download from
    ftp://ftp.sco.com/pub/security/tools


  4.3 Installing Fixed Binaries

  Download and install the Supplemental Graphics, Web and X11
  Libraries (gwxlibs) version 2.1.0Ba from:

  ftp://ftp.sco.com/pub/openserver5/opensrc/gwxlibs-2.1.0Ba/

  This supplement can be installed on the following
  SCO OpenServer release(s):

    SCO OpenServer Release 5.0.6 with RS506A and OSS646C

  See:
  ftp://ftp.sco.com/pub/openserver5/opensrc/gwxlibs-2.1.0Ba/gwxlibs-2.1.0Ba.txt


5. OpenServer 5.0.7

  5.1 Location of Fixed Binaries

  ftp://ftp.sco.com/pub/openserver5/507/mp/osr507mp4/osr507mp4_vol.tar


  5.2 Verification

  MD5 (osr507mp4_vol.tar) = 4c87d840ff5b43221258547d19030228

  md5 is available for download from
    ftp://ftp.sco.com/pub/security/tools


  5.3 Installing Fixed Binaries

  See the SCO OpenServer Release 5.0.7 Maintenance Pack 4 Release
  and Installation Notes:

  ftp://ftp.sco.com/pub/openserver5/507/mp/osr507mp4/osr507mp4.htm


6. OpenServer 6.0.0

  6.1 Location of Fixed Binaries

  ftp://ftp.sco.com/pub/openserver6/600/mp/osr600mp2/osr600mp2.iso


  6.2 Verification

  MD5 (osr600mp2.iso) = 7e560dcde374eb60df2b4a599ac20d8a

  md5 is available for download from
    ftp://ftp.sco.com/pub/security/tools


  6.3 Installing Fixed Binaries

  See the SCO OpenServer Release 6.0.0 Maintenance Pack 2 Release
  and Installation Notes:

  ftp://ftp.sco.com/pub/openserver6/600/mp/osr600mp2/osr600mp2.html


7. References

  Specific references for this advisory:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2491
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3183
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3185
    http://www.securityfocus.com/bid/14620 
    http://www.securityfocus.com/bid/15035 
    http://www.securityfocus.com/bid/15102 
    http://securitytracker.com/id?1014744 
    http://securitytracker.com/id?1015057

  SCO security resources:
    http://www.sco.com/support/security/index.html

  SCO security advisories via email
    http://www.sco.com/support/forums/security.html

  This security fix closes SCO incidents fz532924 fz532923 fz533164
  fz533174 fz533390.


8. Disclaimer

  SCO is not responsible for the misuse of any of the information
  we provide on this website and/or through our security
  advisories. Our advisories are a service to our customers intended
  to promote secure installation and use of SCO products.


______________________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (UnixWare)

iD8DBQFEFynVaqoBO7ipriERAusBAJ449zh23lL5tq9yV2PpPqoGY3yiDQCfSCw9
/S2QKbSM8J+jGesfDrbV7wU=
=WXg5
-----END PGP SIGNATURE-----