SecurityTracker.com
SecurityTracker
Archives
Category:   Application (Generic)  >   X Vendors:   Caldera/SCO
Caldera Open UNIX X11 Library Buffer Overflow May Allow Users to Exploit Applications That are Based on the Library to Gain Elevated Privileges
SecurityTracker Alert ID:  1004104
SecurityTracker URL:  http://securitytracker.com/id/1004104
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Apr 18 2002
Impact:   Denial of service via network, Execution of arbitrary code via network, Root access via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  

Description:   Caldera reported a vulnerability in libX11 for Caldera Open UNIX (UnixWare). A user may be able to exploit applications that use the library to gain elevated privileges on the system.

It is reported that any command linked with the libX11 library that accepts the -xrm option will core dump if a long string is used as the argument. Any set user id (setuid) or set group id (setgid) application that uses or accepts the -xrm option is vulnerable to attack.

Caldera reports that the 'basex' package is affected.

Impact:   A remote user may be able to execute arbitrary code with elevated privileges. The extent of the impact of the vulnerability depends on the application program that was linked with the affected library.
Solution:   The vendor has issued a fix.

For Open UNIX 8.0.0:

ftp://stage.caldera.com/pub/security/openunix/CSSA-2002-SCO.15

The verification checksum is:

MD5 (basex.711b.pkg) = 237963c02165609b41f33d6de50279c5

Upgrade the affected binaries with the following commands:

Download basex.711b.pkg to the /var/spool/pkg directory

# pkgadd -d /var/spool/pkg/basex.711b.pkg


For UnixWare 7.1.1:

ftp://stage.caldera.com/pub/security/openunix/CSSA-2002-SCO.15

The verification checksum is:

MD5 (basex.711b.pkg) = 237963c02165609b41f33d6de50279c5

Upgrade the affected binaries with the following commands:

Download basex.711b.pkg to the /var/spool/pkg directory

# pkgadd -d /var/spool/pkg/basex.711b.pkg

Vendor URL:  stage.caldera.com/support/security/ (Links to External Site)
Cause:   Boundary error
Underlying OS:  UNIX (Open UNIX-SCO)
Underlying OS Comments:  Open UNIX 8.0.0, UnixWare 7.1.1

Message History:   None.


 Source Message Contents

Subject:  Security Update: [CSSA-2002-SCO.15] Open UNIX 8.0.0 UnixWare 7.1.1 : Buffer overflow in libX11 with -xrm



To: bugtraq@securityfocus.com announce@lists.caldera.com scoannmod@xenitec.on.ca


______________________________________________________________________________

		Caldera International, Inc.  Security Advisory

Subject:		Open UNIX 8.0.0 UnixWare 7.1.1 : Buffer overflow in libX11 with -xrm
Advisory number: 	CSSA-2002-SCO.15
Issue date: 		2002 April 11
Cross reference:
______________________________________________________________________________


1. Problem Description

	There is a buffer overflow in the X11 library such that any
	command linked with it that accepts the -xrm option will
	core dump if a long string is used as the argument. Any
	setuid or setgid program that accepts the -xrm option is
	vulnerable to attack.


2. Vulnerable Supported Versions

	System				Package
	----------------------------------------------------------------------
	Open UNIX 8.0.0 		basex
	UnixWare 7.1.1			basex


3. Solution

	The proper solution is to install the latest packages.


4. Open UNIX 8.0.0

	4.1 Location of Fixed Binaries

	ftp://stage.caldera.com/pub/security/openunix/CSSA-2002-SCO.15


	4.2 Verification

	MD5 (basex.711b.pkg) = 237963c02165609b41f33d6de50279c5

	md5 is available for download from
		ftp://stage.caldera.com/pub/security/tools/


	4.3 Installing Fixed Binaries

	Upgrade the affected binaries with the following commands:

	Download basex.711b.pkg to the /var/spool/pkg directory

	# pkgadd -d /var/spool/pkg/basex.711b.pkg


5. UnixWare 7.1.1

	5.1 Location of Fixed Binaries

	ftp://stage.caldera.com/pub/security/openunix/CSSA-2002-SCO.15


	5.2 Verification

	MD5 (basex.711b.pkg) = 237963c02165609b41f33d6de50279c5

	md5 is available for download from
		ftp://stage.caldera.com/pub/security/tools/


	5.3 Installing Fixed Binaries

	Upgrade the affected binaries with the following commands:

	Download basex.711b.pkg to the /var/spool/pkg directory

	# pkgadd -d /var/spool/pkg/basex.711b.pkg
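	As an added example (not part of the Caldera advisory or its package), the following POSIX sh wrapper performs the verification step of sections 4.2 and 5.2 before the pkgadd step of sections 4.3 and 5.3, and refuses to install when the digest differs. The digest tool names it probes for (md5sum, md5, openssl) and the helper function names are assumptions; the expected digest and package path are copied from the advisory.

```shell
#!/bin/sh
# Added example, not Caldera's code: verify the package digest before pkgadd.
# Assumes a POSIX sh and one of md5sum (GNU), md5 (BSD-style) or openssl.

# Expected checksum and location for basex.711b.pkg, as given in the advisory.
EXPECTED_MD5="237963c02165609b41f33d6de50279c5"
PKG_DIR="/var/spool/pkg"
PKG_FILE="basex.711b.pkg"

# Print the MD5 hex digest of file $1 using whichever tool is available.
md5_of() {
    if command -v md5sum >/dev/null 2>&1; then
        md5sum "$1" | awk '{print $1}'
    elif command -v md5 >/dev/null 2>&1; then
        md5 -q "$1"
    else
        openssl dgst -md5 "$1" | awk '{print $NF}'
    fi
}

# verify_md5 FILE EXPECTED: exit status 0 when the digests match, 1 otherwise.
# An unreadable file yields an empty digest, which never matches.
# Comparison is case-insensitive so a hand-typed uppercase digest still works.
verify_md5() {
    actual=$(md5_of "$1" 2>/dev/null | tr 'A-F' 'a-f')
    wanted=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    if [ -n "$actual" ] && [ "$actual" = "$wanted" ]; then
        return 0
    else
        return 1
    fi
}

# Verify and install; pkgadd only runs on a file whose digest matches.
install_fixed_pkg() {
    pkg="$PKG_DIR/$PKG_FILE"
    if verify_md5 "$pkg" "$EXPECTED_MD5"; then
        echo "MD5 OK: $pkg"
        pkgadd -d "$pkg"
    else
        echo "MD5 MISMATCH for $pkg; not installing" >&2
        return 1
    fi
}
```

Run install_fixed_pkg as root after placing basex.711b.pkg in /var/spool/pkg; a mismatch leaves the system untouched.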


6. References

	Specific references for this advisory:
		none

	Caldera UNIX security resources:
		http://stage.caldera.com/support/security/

	Caldera OpenLinux security resources:
		http://www.caldera.com/support/security/index.html

	This security fix closes Caldera incidents sr858540, fz519799,
	erg711938.


7. Disclaimer

	Caldera International, Inc. is not responsible for the
	misuse of any of the information we provide on this website
	and/or through our security advisories. Our advisories are
	a service to our customers intended to promote secure
	installation and use of Caldera products.


______________________________________________________________________________



Copyright 2020, SecurityGlobal.net LLC