what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

SCOSA-2005.21.txt

SCOSA-2005.21.txt
Posted Apr 18, 2005
Site sco.com

SCO Security Advisory - Buffer overflow in the slc_add_reply function in various BSD-based Telnet clients, when handling LINEMODE suboptions, allows remote attackers to execute arbitrary code via a reply with a large number of Set Local Character (SLC) commands.

tags | advisory, remote, overflow, arbitrary, local
systems | bsd
advisories | CVE-2005-0469, CVE-2005-0468
SHA-256 | 47e004e77d661de8734283de6bd87cbb7957bfb833df1fdc601dad8e564ad138

SCOSA-2005.21.txt

Change Mirror Download

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


______________________________________________________________________________

SCO Security Advisory

Subject: UnixWare 7.1.4 UnixWare 7.1.3 UnixWare 7.1.1 : telnet client multiple issues
Advisory number: SCOSA-2005.21
Issue date: 2005 April 08
Cross reference: sr893210 fz531446 erg712801 CAN-2005-0469 CAN-2005-0468
______________________________________________________________________________


1. Problem Description

Buffer overflow in the slc_add_reply function in various
BSD-based Telnet clients, when handling LINEMODE suboptions,
allows remote attackers to execute arbitrary code via a
reply with a large number of Set Local Character (SLC)
commands.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CAN-2005-0469 to this issue.

Heap-based buffer overflow in the env_opt_add function
in telnet.c for various BSD-based Telnet clients allows
remote attackers to execute arbitrary code via responses
that contain a large number of characters that require
escaping, which consumers more memory than allocated.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CAN-2005-0468 to this issue.


2. Vulnerable Supported Versions

System Binaries
----------------------------------------------------------------------
UnixWare 7.1.4 /usr/bin/telnet
UnixWare 7.1.3 /usr/bin/telnet
UnixWare 7.1.1 /usr/bin/telnet


3. Solution

The proper solution is to install the latest packages.


4. UnixWare 7.1.4

4.1 Location of Fixed Binaries

ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.21

4.2 Verification

MD5 (erg712801.714.pkg.Z) = bf53673ea12a1c25e3606a5b879adbc4

md5 is available for download from
ftp://ftp.sco.com/pub/security/tools

4.3 Installing Fixed Binaries

Upgrade the affected binaries with the following sequence:

Download erg712801.714.pkg.Z to the /var/spool/pkg directory

# uncompress /var/spool/pkg/erg712801.714.pkg.Z
# pkgadd -d /var/spool/pkg/erg712801.714.pkg


5. UnixWare 7.1.3

5.1 Location of Fixed Binaries

ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.21

5.2 Verification

MD5 (erg712801.713.pkg.Z) = e876b261afbecb41c18c26d6ec11e71d

md5 is available for download from
ftp://ftp.sco.com/pub/security/tools

5.3 Installing Fixed Binaries

Upgrade the affected binaries with the following sequence:

Download erg712801.713.pkg.Z to the /var/spool/pkg directory

# uncompress /var/spool/pkg/erg712801.713.pkg.Z
# pkgadd -d /var/spool/pkg/erg712801.713.pkg


6. UnixWare 7.1.1

6.1 Location of Fixed Binaries

ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.21

6.2 Verification

MD5 (erg712801.711.pkg.Z) = f3099416a793c1f731bc7e377fe0e4a2

md5 is available for download from
ftp://ftp.sco.com/pub/security/tools

6.3 Installing Fixed Binaries

Upgrade the affected binaries with the following sequence:

Download erg712801.711.pkg.Z to the /var/spool/pkg directory

# uncompress /var/spool/pkg/erg712801.711.pkg.Z
# pkgadd -d /var/spool/pkg/erg712801.711.pkg


7. References

Specific references for this advisory:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0468
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0469
http://www.idefense.com/application/poi/display?id=221&type=vulnerabilities
http://www.idefense.com/application/poi/display?id=220&type=vulnerabilities

SCO security resources:
http://www.sco.com/support/security/index.html

SCO security advisories via email
http://www.sco.com/support/forums/security.html

This security fix closes SCO incidents sr893210 fz531446
erg712801.


8. Disclaimer

SCO is not responsible for the misuse of any of the information
we provide on this website and/or through our security
advisories. Our advisories are a service to our customers
intended to promote secure installation and use of SCO
products.


9. Acknowledgments

SCO would like to thank Gal Delalleau and iDEFENSE

______________________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (SCO/SYSV)

iD8DBQFCVtn4aqoBO7ipriERAkZbAJ9qiuR3M89tJWzyJ3K7Q5NbBRTvMgCfdeFY
JmJIo8zz/ppyCI4EQ5UY9jA=
=8sOq
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close