[Full-Disclosure] UnixWare 7.1.3 Open UNIX 8.0.0 UnixWare 7.1.1 : CDE libDtHelp buffer overflow

To: [email protected]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

                    SCO Security Advisory

Subject: UnixWare 7.1.3 Open UNIX 8.0.0 UnixWare 7.1.1 : CDE libDtHelp buffer
overflow
Advisory number: CSSA-2003-SCO.31
Issue date: 2003 October 31
Cross reference: sr885326 fz528372 erg712445 CAN-2003-083 CERT VU#575804

1. Problem Description

    The Common Desktop Environment (CDE) is a standard desktop
    environment for UNIX based systems. CDE libDTHelp contains
    a buffer overflow that can be exploited by a local user
    using specially crafted environment variables.
    
    An authenticated local user may be able to execute arbitrary
    code with root privileges. There is a possibility that a
    user can set the crafted environment variable to gain
    elevated privileges during initialization of the dtHelp
    application, or applications which link to libtDtHelp.
   
    The Common Vulnerabilities and Exposures project (cve.mitre.org)
    has assigned the name CAN-2003-0834 to this issue. CERT has
    assigned the name VU#575804 to this issue
   

2. Vulnerable Supported Versions

    System                          Binaries
    ----------------------------------------------------------------------
    UnixWare 7.1.3          /usr/dt/lib/libDtHelp.so.1
    Open UNIX 8.0.0         /usr/dt/lib/libDtHelp.so.1
    UnixWare 7.1.1          /usr/dt/lib/libDtHelp.so.1
   

3. Solution

    The proper solution is to install the latest packages.
   

4. UnixWare 7.1.3 / Open UNIX 8.0.0 / UnixWare 7.1.1

    4.1 Location of Fixed Binaries
   
    ftp://ftp.sco.com/pub/updates/UnixWare/CSSA-2003-SCO.31
   
   
    4.2 Verification
   
    MD5 (erg712445.pkg.Z) = ecd4aaba3c6d0f7a22b7d2812fc9a174
   
    md5 is available for download from
            ftp://ftp.sco.com/pub/security/tools
   
   
    4.3 Installing Fixed Binaries
   
    Upgrade the affected binaries with the following sequence:
   
    Download erg712445.pkg.Z to the /var/spool/pkg directory
   
    # uncompress /var/spool/pkg/erg712445.pkg.Z
    # pkgadd -d /var/spool/pkg/erg712445.pkg
   

5. References

    Specific references for this advisory:
            http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0834 
            http://www.kb.cert.org/vuls/id/575804
   
    SCO security resources:
            http://www.sco.com/support/security/index.html
   
    This security fix closes SCO incidents sr885326 fz528372
    erg712445.
   

6. Disclaimer

    SCO is not responsible for the misuse of any of the information
    we provide on this website and/or through our security
    advisories. Our advisories are a service to our customers
    intended to promote secure installation and use of SCO
    products.
   

7. Acknowledgments

    SCO would like to thank Kevin Kotas from Computer Associates
    Intl. eTrust eVM
   

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (SCO/UNIX_SVR5)

iD8DBQE/pwZJaqoBO7ipriERAjH3AJ4mYxEOeObr+UMsJBYv0SN1GOI8fgCfZYCp
MdtzcKQfYCslwCLHodM3sdA=
=N1HZ
-----END PGP SIGNATURE-----

Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html