exploit the possibilities

SCOSA-2006.24.txt

SCOSA-2006.24.txt
Posted May 24, 2006
Authored by SCO | Site sco.com

SCO Security Advisory SCOSA-2006.24 - Sendmail could allow a remote attacker to execute arbitrary code as root, caused by a signal race vulnerability.

tags | advisory, remote, arbitrary, root
advisories | CVE-2006-0058
MD5 | 5182e7e6c52f6ce1f2f87747534565ce

SCOSA-2006.24.txt

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

______________________________________________________________________________


SCO Security Advisory


Subject: Sendmail Arbitrary Code Execution Vulnerability
Advisory number: SCOSA-2006.24
Issue date: 2006 May 21
Cross reference: fz533700
CVE-2006-0058
______________________________________________________________________________


1. Problem Description

Sendmail could allow a remote attacker to execute arbitrary code as
root, caused by a signal race vulnerability.

The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CVE-2006-0058 to
this issue.


2. Vulnerable Supported Versions

System Binaries
----------------------------------------------------------------------
UnixWare 7.1.3 sendmail
mailstats
praliiases
rmail
smrsh
makemap
UnixWare 7.1.4 sendmail
mailstats
praliiases
rmail
smrsh
makemap


3. Solution

The proper solution is to install the latest packages.


4. UnixWare 7.1.3

4.1 Location of Fixed Binaries

ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.24


4.2 Verification

MD5 (p533700.713.image) = 2c33879a5f676c79efe1e78cadb2aeb8

md5 is available for download from
ftp://ftp.sco.com/pub/security/tools


4.3 Installing Fixed Binaries

The following packages should be installed on your system before
you install this fix:

UnixWare 7.1.3 Maintenance Pack 5
http://www.sco.com/support/update/download/release.php?rid=96

Upgrade the affected binaries with the following sequence:

Download p533700.713.image to the /var/spool/pkg directory

# pkgadd -d /var/spool/pkg/p533700.713.image


5. UnixWare 7.1.4

5.1 Location of Fixed Binaries

ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.24


5.2 Verification

MD5 (p533700.714.image) = 0a3a7c95a68e1ca3e5916e40e9dfa0ae

md5 is available for download from
ftp://ftp.sco.com/pub/security/tools


5.3 Installing Fixed Binaries

The following packages should be installed on your system before
you install this fix:

UnixWare 7.1.4 Maintenance Pack 3
http://www.sco.com/support/update/download/release.php?rid=126

Upgrade the affected binaries with the following sequence:

Download p533700.714.image to the /var/spool/pkg directory

# pkgadd -d /var/spool/pkg/p533700.714.image


6. References

Specific references for this advisory:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0058
http://www.securityfocus.com/archive/1/428536/100/0/threaded
http://www.sendmail.org/

SCO security resources:
http://www.sco.com/support/security/index.html

SCO security advisories via email
http://www.sco.com/support/forums/security.html

This security fix closes SCO incidents fz533700.


7. Disclaimer

SCO is not responsible for the misuse of any of the information
we provide on this website and/or through our security
advisories. Our advisories are a service to our customers intended
to promote secure installation and use of SCO products.


8. Acknowledgments

Marc Bejarano is credited with the discovery of this vulnerability.


______________________________________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (SCO_SV)

iD8DBQFEcSxeaqoBO7ipriERAtnOAJ4l8SWkkFxTYf8T8iD9P4UFQBqX0QCfZld8
m4gPf3unHlkCKdp/9PbXL9Y=
=vpKs
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

September 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    20 Files
  • 2
    Sep 2nd
    15 Files
  • 3
    Sep 3rd
    15 Files
  • 4
    Sep 4th
    4 Files
  • 5
    Sep 5th
    1 Files
  • 6
    Sep 6th
    1 Files
  • 7
    Sep 7th
    15 Files
  • 8
    Sep 8th
    27 Files
  • 9
    Sep 9th
    7 Files
  • 10
    Sep 10th
    16 Files
  • 11
    Sep 11th
    9 Files
  • 12
    Sep 12th
    0 Files
  • 13
    Sep 13th
    0 Files
  • 14
    Sep 14th
    25 Files
  • 15
    Sep 15th
    15 Files
  • 16
    Sep 16th
    15 Files
  • 17
    Sep 17th
    15 Files
  • 18
    Sep 18th
    12 Files
  • 19
    Sep 19th
    1 Files
  • 20
    Sep 20th
    1 Files
  • 21
    Sep 21st
    15 Files
  • 22
    Sep 22nd
    21 Files
  • 23
    Sep 23rd
    8 Files
  • 24
    Sep 24th
    15 Files
  • 25
    Sep 25th
    4 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close