-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

______________________________________________________________________________

      SCO Security Advisory

Subject:    OpenServer 5.0.6 OpenServer 5.0.7 : OpenSSH Multiple Vulnerabilities
Advisory number:   SCOSA-2006.11
Issue date:     2006 March 15
Cross reference:  fz529677 fz529833 fz532920 fz532977
      CVE-2004-0175 CVE-2005-2666 CVE-2005-2797
______________________________________________________________________________


1. Problem Description

  A vulnerability has been reported in the OpenSSH scp
  utilities.  This issue may permit a malicious scp server
  to corrupt files on a client system when files are copied.
  
  SSH, as implemented in OpenSSH before 4.0 and possibly other
  implementations, stores hostnames, IP addresses, and keys in
  plaintext in the known_hosts file, which makes it easier for
  an attacker that has compromised an SSH user's account to
  generate a list of additional targets that are more likely
  to have the same password or key.
  
  OpenSSH 4.0, and other versions before 4.2, does not properly
  handle dynamic port forwarding ("-D" option) when a listen
  address is not provided, which may cause OpenSSH to enable
  the GatewayPorts functionality.
  
  Only the first 8 characters of a password are significant
  in OpenSSH on SCO OpenServer 5.

  The Common Vulnerabilities and Exposures project
  (cve.mitre.org) has assigned the names CVE-2004-0175,
  CVE-2005-2666, and CVE-2005-2797 to these issues.


2. Vulnerable Supported Versions

  System        Binaries
  ----------------------------------------------------------------------
  OpenServer 5.0.6   OpenSSH utilities and libraries
  OpenServer 5.0.7   OpenSSH utilities and libraries


3. Solution

  The proper solution is to install the latest packages.


4. OpenServer 5.0.6

  4.1 Location of Fixed Binaries

  ftp://ftp.sco.com/pub/openserver5/opensrc/openssh-4.2p1/openssh42p1_vol.tar


  4.2 Verification

  MD5 (openssh42p1_vol.tar) = cb92de31f9a0b8dbd3dfd82b19bc1d57

  md5 is available for download from
    ftp://ftp.sco.com/pub/security/tools


  4.3 Installing Fixed Binaries

  See:
  ftp://ftp.sco.com/pub/openserver5/opensrc/openssh-4.2p1/openssh-4.2p1.txt


5. OpenServer 5.0.7

  5.1 Location of Fixed Binaries

  ftp://ftp.sco.com/pub/openserver5/507/mp/osr507mp4/osr507mp4_vol.tar


  5.2 Verification

  MD5 (osr507mp4_vol.tar) = 4c87d840ff5b43221258547d19030228

  md5 is available for download from
    ftp://ftp.sco.com/pub/security/tools


  5.3 Installing Fixed Binaries

  See the SCO OpenServer Release 5.0.7 Maintenance Pack 4 Release
  and Installation Notes:

  ftp://ftp.sco.com/pub/openserver5/507/mp/osr507mp4/osr507mp4.htm


6. References

  Specific references for this advisory:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0175
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2666
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2797
    http://www.securityfocus.com/bid/9986 
    http://nms.csail.mit.edu/projects/ssh/ 
    http://www.eweek.com/article2/0,1759,1815795,00.asp 
    http://secunia.com/advisories/16686

  SCO security resources:
    http://www.sco.com/support/security/index.html

  SCO security advisories via email
    http://www.sco.com/support/forums/security.html

  This security fix closes SCO incidents fz529677 fz529833 fz532920
  fz532977.


7. Disclaimer

  SCO is not responsible for the misuse of any of the information
  we provide on this website and/or through our security
  advisories. Our advisories are a service to our customers intended
  to promote secure installation and use of SCO products.


______________________________________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (UnixWare)

iD8DBQFEGE2eaqoBO7ipriERAth5AJ9dtCzhv+ySjWmLAnpyzKxxyFeqpgCeNjfn
I8/86fBWJWJYKMPkUMSNOXQ=
=xy6d
-----END PGP SIGNATURE-----