OpenServer 5.0.7 OpenServer 5.0.6 OpenServer 5.0.5 : Multiple security vulnerabilities in Xsco

To: [email protected] [email protected] [email protected]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

                    SCO Security Advisory

Subject: OpenServer 5.0.7 OpenServer 5.0.6 OpenServer 5.0.5 : Multiple security
vulnerabilities in Xsco
Advisory number: CSSA-2003-SCO.26
Issue date: 2003 October 10
Cross reference: sr862609 fz520528 erg712006 sr860995 fz520242 erg711972 CAN-2002-0158
CAN-2002-0164

1. Problem Description

    This supplement corrects two unrelated security problems in the
    SCO OpenServer "Xsco" X11 server.
   
    First,
   
    NSFOCUS Security Team has found a buffer overflow vulnerability
    in Xsun shipped with Solaris system when processing a
    command line parameter "-co", which could enable a local
    attacker to run arbitrary code with root user/root group
    privilege. 
     
    Kevin Finisterre of Snosoft.com discovered that Xsco was also
    vulnerable. 
     
    The Common Vulnerabilities and Exposures (CVE) project has assigned 
    the name CAN-2002-0158 to this issue. This is a candidate for 
    inclusion in the CVE list (http://cve.mitre.org), which standardizes 
    names for security problems. Candidates may change significantly
    before they become official CVE entries.
   
    Second,
   
    Roberto Zunino discovered a vulnerability in the MIT-SHM extension in
    all X servers that are running as root.
   
    Any user with local X access can exploit the MIT-SHM extension and gain
    read/write access to any shared memory segment on the system. 
   
    The Common Vulnerabilities and Exposures (CVE) project has assigned
    the name CAN-2002-0164 to this issue. This is a candidate for
    inclusion in the CVE list (http://cve.mitre.org), which standardizes
    names for security problems. Candidates may change significantly
    before they become official CVE entries.
   

2. Vulnerable Supported Versions

    System                          Binaries
    ----------------------------------------------------------------------
    OpenServer 5.0.7                /usr/bin/X11/Xsco
    OpenServer 5.0.6                /usr/bin/X11/Xsco
    OpenServer 5.0.5                /usr/bin/X11/Xsco
   

3. Solution

    The proper solution is to install the latest packages.
   

4. OpenServer 5.0.7, OpenServer 5.0.6, OpenServer 5.0.5

    4.1 Location of Fixed Binaries
   
    ftp://ftp.sco.com/pub/updates/OpenServer/CSSA-2003-SCO.26
   
   
    4.2 Verification
   
    MD5 (VOL.000.000) = e7cbf7a8094ba43d44a6657a95673aeb
    MD5 (VOL.001.000) = 2eca28ac86436cec5fa7f059ab2fe850
   
    md5 is available for download from
            ftp://ftp.sco.com/pub/security/tools
   
   
    4.3 Installing Fixed Binaries
   
    Upgrade the affected binaries with the following sequence:
   
    1) Download the VOL* files to the /tmp directory
   
    2) Run the custom command, specify an install from media
    images, and specify the /tmp directory as the location of
    the images.
   

5. References

    Specific references for this advisory:
            http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0158 
            http://marc.theaimsgroup.com/?l=bugtraq&m=101776858410652&w=2 
            http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0000.html
            http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0164
            http://marc.theaimsgroup.com/?l=bugtraq&m=103547625009363&w=2
            http://xforce.iss.net/xforce/xfdb/8706
            http://www.securityfocus.com/bid/4396
            http://www.linuxsecurity.com/advisories/caldera_advisory-2006.html
   

ftp://stage.caldera.com/pub/security/openunix/CSSA-2002-SCO.14/CSSA-2002-SCO.14.txt
SCO security resources:

            http://www.sco.com/support/security/index.html

    This security fix closes SCO incidents sr862609 fz520528
    erg712006 sr860995 fz520242 erg711972

6. Disclaimer

    SCO is not responsible for the misuse of any of the information
    we provide on this website and/or through our security
    advisories. Our advisories are a service to our customers
    intended to promote secure installation and use of SCO
    products.
   

7. Acknowledgments

    SCO would like to thank the NSFOCUS Security Team for finding
    the "-co" vulnerability, and Kevin Finisterre of Snosoft.com for
    confirming its applicability to Xsco.  SCO would also like to
    thank Roberto Zunino for discovering the MIT-SHM vulnerability.
   

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (SCO/UNIX_SVR5)

iD8DBQE/jfZSaqoBO7ipriERAjSbAJkBWpJMSXcQwLFnTTRgVa5vaEXGEgCfeSKa
yS0vg5xrMpoBo3zWeqgpsNQ=
=Abuh
-----END PGP SIGNATURE-----