SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   X Vendors:   Caldera/SCO
SCO Open UNIX X Server Sets Weak Permissions on /dev/X Directory, Allowing Local Users to Deny Service or Hijack Session Data
SecurityTracker Alert ID:  1006230
SecurityTracker URL:  http://securitytracker.com/id/1006230
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Mar 6 2003
Impact:   Denial of service via local system, Disclosure of system information, Modification of system information, User access via local system
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): UnixWare 7.1.1, 7.1.3; Open UNIX 8.0.0
Description:   A directory permission configuration vulnerability was reported in the SCO UNIX X Server. A local user could deny service to other users or potentially obtain access to session data.

It is reported that when the X server is installed, the /dev/X directory and the files in the directory are configured to be world readable and writable. A local user may be able to cause denial of service conditions or potentially hijack user data. No further details were provided.

Impact:   A local user may be able to create or modify files in the directory to deny service to other users. A local user may be able to hijack a session by modifying files in the directory.
Solution:   The vendor has released the following fixes:

For UnixWare 7.1.1:

Location of Fixed Binaries

ftp://ftp.sco.com/pub/updates/UnixWare/CSSA-2003-SCO.4


Verification

MD5 (basex.pkg.Z) = 510888d562f6c2249555fefdae94d49d
MD5 (xserver.pkg.Z) = 74797f12d6e3e80300980854050f62ef

md5 is available for download from
ftp://ftp.sco.com/pub/security/tools


Installing Fixed Binaries

Upgrade the affected binaries with the following sequence:

Download basex.pkg.Z to the /var/spool/pkg directory

# uncompress /var/spool/pkg/basex.pkg.Z
# pkgadd -d /var/spool/pkg/basex.pkg

# uncompress /var/spool/pkg/xserver.pkg.Z
# pkgadd -d /var/spool/pkg/xserver.pkg


For Open UNIX 8.0.0:

Location of Fixed Binaries

ftp://ftp.sco.com/pub/updates/UnixWare/CSSA-2003-SCO.4


Verification

MD5 (basex.pkg.Z) = 510888d562f6c2249555fefdae94d49d
MD5 (xserver.pkg.Z) = 74797f12d6e3e80300980854050f62ef

md5 is available for download from
ftp://ftp.sco.com/pub/security/tools


Installing Fixed Binaries

Upgrade the affected binaries with the following sequence:

Download basex.pkg.Z to the /var/spool/pkg directory

# uncompress /var/spool/pkg/basex.pkg.Z
# pkgadd -d /var/spool/pkg/basex.pkg

# uncompress /var/spool/pkg/xserver.pkg.Z
# pkgadd -d /var/spool/pkg/xserver.pkg


For UnixWare 7.1.3:

Location of Fixed Binaries

ftp://ftp.sco.com/pub/updates/UnixWare/CSSA-2003-SCO.4


Verification

MD5 (basex.pkg.Z) = 510888d562f6c2249555fefdae94d49d
MD5 (xserver.pkg.Z) = 74797f12d6e3e80300980854050f62ef

md5 is available for download from
ftp://ftp.sco.com/pub/security/tools


Installing Fixed Binaries

Upgrade the affected binaries with the following sequence:

Download basex.pkg.Z to the /var/spool/pkg directory

# uncompress /var/spool/pkg/basex.pkg.Z
# pkgadd -d /var/spool/pkg/basex.pkg

# uncompress /var/spool/pkg/xserver.pkg.Z
# pkgadd -d /var/spool/pkg/xserver.pkg

Vendor URL:  www.sco.com/support/security/index.html (Links to External Site)
Cause:   Access control error, Configuration error
Underlying OS:  UNIX (Open UNIX-SCO)

Message History:   None.


 Source Message Contents

Subject:  Security Update: [CSSA-2003-SCO.4] UnixWare 7.1.1 Open UNIX 8.0.0 UnixWare 7.1.3 : Lax permissions on /dev/X


--q9KOos5vDmpwPx9o
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

To: bugtraq@securityfocus.com announce@lists.caldera.com scoannmod@xenitec.on.ca full-disclosure@lists.netsys.com

______________________________________________________________________________

			SCO Security Advisory

Subject:		UnixWare 7.1.1 Open UNIX 8.0.0 UnixWare 7.1.3 : Lax permissions on /dev/X
Advisory number: 	CSSA-2003-SCO.4
Issue date: 		2003 March 04
Cross reference:
______________________________________________________________________________


1. Problem Description

	The /dev/X directory is world readable and writable, and
	the files in it are also world readable and writable.
	Denial-of-Service attacks are possible, as well as possible
	data hijacking. The X server sets these permissions when
	it starts up, so there is no workaround for this issue.


2. Vulnerable Supported Versions

	System				Binaries
	----------------------------------------------------------------------
	UnixWare 7.1.1			Standard X Distribution
	Open UNIX 8.0.0			Standard X Distribution
	UnixWare 7.1.3			Standard X Distribution

3. Solution

	The proper solution is to install the latest packages.


4. UnixWare 7.1.1

	4.1 Location of Fixed Binaries

	ftp://ftp.sco.com/pub/updates/UnixWare/CSSA-2003-SCO.4


	4.2 Verification

	MD5 (basex.pkg.Z) = 510888d562f6c2249555fefdae94d49d
	MD5 (xserver.pkg.Z) = 74797f12d6e3e80300980854050f62ef

	md5 is available for download from
		ftp://ftp.sco.com/pub/security/tools


	4.3 Installing Fixed Binaries

	Upgrade the affected binaries with the following sequence:

	Download basex.pkg.Z to the /var/spool/pkg directory

	# uncompress /var/spool/pkg/basex.pkg.Z
	# pkgadd -d /var/spool/pkg/basex.pkg

	# uncompress /var/spool/pkg/xserver.pkg.Z
	# pkgadd -d /var/spool/pkg/xserver.pkg


5. Open UNIX 8.0.0

	5.1 Location of Fixed Binaries

	ftp://ftp.sco.com/pub/updates/UnixWare/CSSA-2003-SCO.4


	5.2 Verification

	MD5 (basex.pkg.Z) = 510888d562f6c2249555fefdae94d49d
	MD5 (xserver.pkg.Z) = 74797f12d6e3e80300980854050f62ef

	md5 is available for download from
		ftp://ftp.sco.com/pub/security/tools


	5.3 Installing Fixed Binaries

	Upgrade the affected binaries with the following sequence:

	Download basex.pkg.Z to the /var/spool/pkg directory

	# uncompress /var/spool/pkg/basex.pkg.Z
	# pkgadd -d /var/spool/pkg/basex.pkg

	# uncompress /var/spool/pkg/xserver.pkg.Z
	# pkgadd -d /var/spool/pkg/xserver.pkg


6. UnixWare 7.1.3

	6.1 Location of Fixed Binaries

	ftp://ftp.sco.com/pub/updates/UnixWare/CSSA-2003-SCO.4


	6.2 Verification

	MD5 (basex.pkg.Z) = 510888d562f6c2249555fefdae94d49d
	MD5 (xserver.pkg.Z) = 74797f12d6e3e80300980854050f62ef

	md5 is available for download from
		ftp://ftp.sco.com/pub/security/tools


	6.3 Installing Fixed Binaries

	Upgrade the affected binaries with the following sequence:

	Download basex.pkg.Z to the /var/spool/pkg directory

	# uncompress /var/spool/pkg/basex.pkg.Z
	# pkgadd -d /var/spool/pkg/basex.pkg

	# uncompress /var/spool/pkg/xserver.pkg.Z
	# pkgadd -d /var/spool/pkg/xserver.pkg


7. References

	Specific references for this advisory:

		none

	SCO security resources:

		http://www.sco.com/support/security/index.html

	This security fix closes SCO incidents sr874992, sr874607,
	fz527440, erg712231.


8. Disclaimer

	SCO is not responsible for the misuse of any of the information
	we provide on this website and/or through our security
	advisories. Our advisories are a service to our customers
	intended to promote secure installation and use of SCO
	products.

______________________________________________________________________________

--q9KOos5vDmpwPx9o
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (SCO_SV)
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAj5mikIACgkQaqoBO7ipriHvYQCgi9VrM/YGm6i6jf1FS16GI5ek
3eYAn3Oy2yRttP+hNe+G7Fdy3sGos00k
=/6zk
-----END PGP SIGNATURE-----

--q9KOos5vDmpwPx9o--

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2020, SecurityGlobal.net LLC