what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

SCOSA-2006.24.txt

SCOSA-2006.24.txt
Posted May 24, 2006
Authored by SCO | Site sco.com

SCO Security Advisory SCOSA-2006.24 - Sendmail could allow a remote attacker to execute arbitrary code as root, caused by a signal race vulnerability.

tags | advisory, remote, arbitrary, root
advisories | CVE-2006-0058
SHA-256 | 14c7c5f6be311b1f1a1ef703c8b555ed330c3caf171aead875300fd4a9ef3395

SCOSA-2006.24.txt

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

______________________________________________________________________________


SCO Security Advisory


Subject: Sendmail Arbitrary Code Execution Vulnerability
Advisory number: SCOSA-2006.24
Issue date: 2006 May 21
Cross reference: fz533700
CVE-2006-0058
______________________________________________________________________________


1. Problem Description

Sendmail could allow a remote attacker to execute arbitrary code as
root, caused by a signal race vulnerability.

The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CVE-2006-0058 to
this issue.


2. Vulnerable Supported Versions

System Binaries
----------------------------------------------------------------------
UnixWare 7.1.3 sendmail
mailstats
praliiases
rmail
smrsh
makemap
UnixWare 7.1.4 sendmail
mailstats
praliiases
rmail
smrsh
makemap


3. Solution

The proper solution is to install the latest packages.


4. UnixWare 7.1.3

4.1 Location of Fixed Binaries

ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.24


4.2 Verification

MD5 (p533700.713.image) = 2c33879a5f676c79efe1e78cadb2aeb8

md5 is available for download from
ftp://ftp.sco.com/pub/security/tools


4.3 Installing Fixed Binaries

The following packages should be installed on your system before
you install this fix:

UnixWare 7.1.3 Maintenance Pack 5
http://www.sco.com/support/update/download/release.php?rid=96

Upgrade the affected binaries with the following sequence:

Download p533700.713.image to the /var/spool/pkg directory

# pkgadd -d /var/spool/pkg/p533700.713.image


5. UnixWare 7.1.4

5.1 Location of Fixed Binaries

ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.24


5.2 Verification

MD5 (p533700.714.image) = 0a3a7c95a68e1ca3e5916e40e9dfa0ae

md5 is available for download from
ftp://ftp.sco.com/pub/security/tools


5.3 Installing Fixed Binaries

The following packages should be installed on your system before
you install this fix:

UnixWare 7.1.4 Maintenance Pack 3
http://www.sco.com/support/update/download/release.php?rid=126

Upgrade the affected binaries with the following sequence:

Download p533700.714.image to the /var/spool/pkg directory

# pkgadd -d /var/spool/pkg/p533700.714.image


6. References

Specific references for this advisory:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0058
http://www.securityfocus.com/archive/1/428536/100/0/threaded
http://www.sendmail.org/

SCO security resources:
http://www.sco.com/support/security/index.html

SCO security advisories via email
http://www.sco.com/support/forums/security.html

This security fix closes SCO incidents fz533700.


7. Disclaimer

SCO is not responsible for the misuse of any of the information
we provide on this website and/or through our security
advisories. Our advisories are a service to our customers intended
to promote secure installation and use of SCO products.


8. Acknowledgments

Marc Bejarano is credited with the discovery of this vulnerability.


______________________________________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (SCO_SV)

iD8DBQFEcSxeaqoBO7ipriERAtnOAJ4l8SWkkFxTYf8T8iD9P4UFQBqX0QCfZld8
m4gPf3unHlkCKdp/9PbXL9Y=
=vpKs
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

September 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    261 Files
  • 2
    Sep 2nd
    17 Files
  • 3
    Sep 3rd
    38 Files
  • 4
    Sep 4th
    52 Files
  • 5
    Sep 5th
    23 Files
  • 6
    Sep 6th
    27 Files
  • 7
    Sep 7th
    0 Files
  • 8
    Sep 8th
    1 Files
  • 9
    Sep 9th
    16 Files
  • 10
    Sep 10th
    38 Files
  • 11
    Sep 11th
    21 Files
  • 12
    Sep 12th
    40 Files
  • 13
    Sep 13th
    18 Files
  • 14
    Sep 14th
    0 Files
  • 15
    Sep 15th
    0 Files
  • 16
    Sep 16th
    21 Files
  • 17
    Sep 17th
    51 Files
  • 18
    Sep 18th
    23 Files
  • 19
    Sep 19th
    48 Files
  • 20
    Sep 20th
    0 Files
  • 21
    Sep 21st
    0 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close