Lucene search
SecurityvulnsSECURITYVULNS:DOC:8726HistoryMay 26, 2005 - 12:00 a.m.
OpenServer 5.0.6 OpenServer 5.0.7 : nwprint privilege escalation
2005-05-2600:00:00
vulners.com
18
0.0004 Low
EPSS
Percentile
0.4%
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
SCO Security Advisory
Subject: OpenServer 5.0.6 OpenServer 5.0.7 : nwprint privilege escalation
Advisory number: SCOSA-2005.26
Issue date: 2005 May 25
Cross reference: sr893493 fz531721 erg712826 CAN-2005-0993
-
Problem Description
Buffer overflow in nwprint allows local users to execute arbitrary code via a long command line argument. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0993 to this issue. -
Vulnerable Supported Versions
System Binaries ---------------------------------------------------------------------- OpenServer 5.0.6 /usr/lib/nucrt/bin/nwprint /usr/lib/nucrt/bin/nwlpstat /etc/nwcleand /usr/lib/nucrt/bin/nwcancel /usr/lib/nucrt/bin/nwlpadmin OpenServer 5.0.7 See the Maintenance Pack 3 Release Notes -
Solution
The proper solution is to install the latest packages. -
OpenServer 5.0.6
4.1 First install oss646c or later 4.2 Location of oss646c ftp://ftp.sco.com/pub/openserver5/oss646c/ 4.3 Verification of oss646c MD5 (VOL.000.000) = f19b6c6949f615316bfb075d249989e8 MD5 (VOL.000.001) = 341ff8553aecd2c7b0c2beaf83030d0f MD5 (VOL.000.002) = 6e46708ad8029e12280d4f9ac60ab814 MD5 (VOL.000.003) = 2868b64a6a6db742adb3b485be645d7e MD5 (VOL.000.004) = 1696fe1db9bb063827ee5e76e58dff84 MD5 (VOL.000.005) = f39da342f8af72fcaccdf478dca04109 MD5 (VOL.000.006) = 2b31611c8af7d2e7910d6e8e3cf701a6 MD5 (VOL.000.007) = d0175c0f4e3ed29435b1eab95609f8f4 MD5 (VOL.000.008) = aa9e8a525c341fed077f981b1dacb486 MD5 (VOL.000.009) = 8e023af67b57507824406bdda322079a MD5 (VOL.000.010) = 2b46e8adba8ae0b64109f2069da978a2 4.4 Location of Fixed Binaries ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.26 4.5 Verification MD5 (VOL.000.000) = 83798688f4e5ac7f9e8c9602df8fa575 md5 is available for download from ftp://ftp.sco.com/pub/security/tools 4.6 Installing Fixed Binaries Upgrade the affected binaries with the following sequence: 1) Download the VOL* files to a directory 2) Run the custom command, specify an install from media images, and specify the directory as the location of the images. -
OpenServer 5.0.7
5.1 Location of Fixed Binaries Maintenance Pack 3 http://www.sco.com/support/update/download/osr507list.html 5.2 Verification MD5 (507mp3_vol.tar) = c927aefdd50b50aca5d29e08c1562aec md5 is available for download from ftp://ftp.sco.com/pub/security/tools 5.3 Installing Fixed Binaries See the Maintenance Pack 3 Release Notes ftp://ftp.sco.com/pub/openserver5/507/mp/mp3/osr507mp3.html or ftp://ftp.sco.com/pub/openserver5/507/mp/mp3/osr507mp3.txt -
References
Specific references for this advisory: http://lists.seifried.org/pipermail/security/2005-April/007678.html http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0993 SCO security resources: http://www.sco.com/support/security/index.html SCO security advisories via email http://www.sco.com/support/forums/security.html This security fix closes SCO incidents sr893493 fz531721 erg712826. -
Disclaimer
SCO is not responsible for the misuse of any of the information we provide on this website and/or through our security advisories. Our advisories are a service to our customers intended to promote secure installation and use of SCO products. -
Acknowledgments
SCO would like to thank pasquale minervini
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (SCO/SYSV)
iD8DBQFClNw3aqoBO7ipriERAvr3AJ4pB7rvc/QvDIu82o/j+0HkUS5nCQCgkbyD
yXEuF+4xrff2OeFN9swOkxM=
=Vx99
-----END PGP SIGNATURE-----
Related
nvd
nvd
CVE-2005-0993
2005-05-02 04:00:00
cve
cve
CVE-2005-0993
2005-05-02 04:00:00
cvelist
cvelist
CVE-2005-0993
2005-04-07 04:00:00