From security@caldera.com Sat Nov 23 00:42:28 2002 From: security@caldera.com To: bugtraq@securityfocus.com, announce@lists.caldera.com, security-alerts@linuxsecurity.com, full-disclosure@lists.netsys.com Date: Fri, 22 Nov 2002 16:52:38 -0800 Reply-To: please_reply_to_security@caldera.com Subject: [Full-Disclosure] Security Update: [CSSA-2002-053.0] Linux: gv execution of arbitrary shell commands To: bugtraq@securityfocus.com announce@lists.caldera.com security-alerts@linuxsecurity.com full-disclosure@lists.netsys.com ______________________________________________________________________________ SCO Security Advisory Subject: Linux: gv execution of arbitrary shell commands Advisory number: CSSA-2002-053.0 Issue date: 2002 November 22 Cross reference: ______________________________________________________________________________ 1. Problem Description gv can be forced to execute arbitrary shell commands by using a buffer overflow. 2. Vulnerable Supported Versions System Package ---------------------------------------------------------------------- OpenLinux 3.1.1 Server prior to gv-3.5.8-10.i386.rpm prior to gv-doc-html-3.5.8-10.i386.rpm OpenLinux 3.1.1 Workstation prior to gv-3.5.8-10.i386.rpm prior to gv-doc-html-3.5.8-10.i386.rpm OpenLinux 3.1 Server prior to gv-3.5.8-10.i386.rpm prior to gv-doc-html-3.5.8-10.i386.rpm OpenLinux 3.1 Workstation prior to gv-3.5.8-10.i386.rpm prior to gv-doc-html-3.5.8-10.i386.rpm 3. Solution The proper solution is to install the latest packages. Many customers find it easier to use the Caldera System Updater, called cupdate (or kcupdate under the KDE environment), to update these packages rather than downloading and installing them by hand. 4. OpenLinux 3.1.1 Server 4.1 Package Location ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2002-053.0/RPMS 4.2 Packages cb5eea88360c079d7d54177329e166c0 gv-3.5.8-10.i386.rpm cdb3756c1b6a091afaf39de0dabf4596 gv-doc-html-3.5.8-10.i386.rpm 4.3 Installation rpm -Fvh gv-3.5.8-10.i386.rpm rpm -Fvh gv-doc-html-3.5.8-10.i386.rpm 4.4 Source Package Location ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2002-053.0/SRPMS 4.5 Source Packages 77808a8c99f8d4633d391be68386b409 gv-3.5.8-10.src.rpm 5. OpenLinux 3.1.1 Workstation 5.1 Package Location ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2002-053.0/RPMS 5.2 Packages 0bcae541db2c4789cf32cc7b23943c98 gv-3.5.8-10.i386.rpm 2c98eb1edba9735634561c1fca76a50b gv-doc-html-3.5.8-10.i386.rpm 5.3 Installation rpm -Fvh gv-3.5.8-10.i386.rpm rpm -Fvh gv-doc-html-3.5.8-10.i386.rpm 5.4 Source Package Location ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2002-053.0/SRPMS 5.5 Source Packages 21aedbec359aa6f089a33faa5351beaa gv-3.5.8-10.src.rpm 6. OpenLinux 3.1 Server 6.1 Package Location ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2002-053.0/RPMS 6.2 Packages f806bd5555db9447219bc4cf7d8a6943 gv-3.5.8-10.i386.rpm d2ec6637464a67324465aaa78fe4ce1c gv-doc-html-3.5.8-10.i386.rpm 6.3 Installation rpm -Fvh gv-3.5.8-10.i386.rpm rpm -Fvh gv-doc-html-3.5.8-10.i386.rpm 6.4 Source Package Location ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2002-053.0/SRPMS 6.5 Source Packages 08391461cbfe9285473837051dfa659e gv-3.5.8-10.src.rpm 7. OpenLinux 3.1 Workstation 7.1 Package Location ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2002-053.0/RPMS 7.2 Packages 2d02777949ff45ff5fded454dc20cc51 gv-3.5.8-10.i386.rpm d18bed4ecc2e6770bb51566f8eb52568 gv-doc-html-3.5.8-10.i386.rpm 7.3 Installation rpm -Fvh gv-3.5.8-10.i386.rpm rpm -Fvh gv-doc-html-3.5.8-10.i386.rpm 7.4 Source Package Location ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2002-053.0/SRPMS 7.5 Source Packages b3a98182f3c5667b255dff4b3cb887a0 gv-3.5.8-10.src.rpm 8. References Specific references for this advisory: http://www.epita.fr/~bevand_m/asa/asa-0000 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0838 iDEFENSE Security Advisory 09.26.2002 SCO security resources: http://www.sco.com/support/security/index.html This security fix closes SCO incidents sr869923, fz526236, erg712135. 9. Disclaimer SCO is not responsible for the misuse of any of the information we provide on this website and/or through our security advisories. Our advisories are a service to our customers intended to promote secure installation and use of SCO products. 10. Acknowledgements Marc Bevand and David Endler discovered and researched this vulnerability. ______________________________________________________________________________ [ Part 2, Application/PGP-SIGNATURE 245bytes. ] [ Unable to print this part. ]