BugTraq
UnixWare 7.1.4 UnixWare 7.1.3 : cpio race condition and directory traversal issues fixed. Aug 18 2005 08:07PM
please_reply_to_security sco com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

________________________________________________________________________
______

SCO Security Advisory

Subject: UnixWare 7.1.4 UnixWare 7.1.3 : cpio race condition and directory traversal issues fixed.
Advisory number: SCOSA-2005.32
Issue date: 2005 August 18
Cross reference: sr893934 fz532333 erg712854 CAN-2005-1111 CAN-2005-1229
________________________________________________________________________
______

1. Problem Description

A race condition in cpio 2.6 and earlier allows local users
to modify permissions of arbitrary files via a hard link
attack on a file while it is being decompressed, whose
permissions are changed by cpio after the decompression
is complete.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CAN-2005-1111 to this issue

A directory traversal vulnerability in cpio 2.6 and earlier
allows remote attackers to write to arbitrary directories
via a .. (dot dot) in a cpio file.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2005-1229 to this issue

2. Vulnerable Supported Versions

System Binaries
----------------------------------------------------------------------
UnixWare 7.1.4 /bin/cpio
UnixWare 7.1.3 /bin/cpio

3. Solution

The proper solution is to install the latest packages.

4. UnixWare 7.1.4

4.1 Location of Fixed Binaries

ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.32

4.2 Verification

MD5 (erg712854.uw714.pkg.Z) = a12807ae0a69d88a3b4f0ed7a014f3ef

md5 is available for download from
ftp://ftp.sco.com/pub/security/tools

4.3 Installing Fixed Binaries

Upgrade the affected binaries with the following sequence:

Download erg712854.uw714.pkg.Z to the /var/spool/pkg directory

# uncompress /var/spool/pkg/erg712854.uw714.pkg.Z
# pkgadd -d /var/spool/pkg/erg712854.uw714.pkg

5. UnixWare 7.1.3

5.1 Location of Fixed Binaries

ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.32

5.2 Verification

MD5 (erg712854.uw713.pkg.Z) = 0b514e72f094c21d8c49b359d05e8e7e

md5 is available for download from
ftp://ftp.sco.com/pub/security/tools

5.3 Installing Fixed Binaries

Upgrade the affected binaries with the following sequence:

Download erg712854.uw713.pkg.Z to the /var/spool/pkg directory

# uncompress /var/spool/pkg/erg712854.uw713.pkg.Z
# pkgadd -d /var/spool/pkg/erg712854.uw713.pkg

6. References

Specific references for this advisory:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1111
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1229
http://xforce.iss.net/xforce/xfdb/20204

SCO security resources:
http://www.sco.com/support/security/index.html

SCO security advisories via email
http://www.sco.com/support/forums/security.html

This security fix closes SCO incidents sr893934 fz532333
erg712854.

7. Disclaimer

SCO is not responsible for the misuse of any of the information
we provide on this website and/or through our security
advisories. Our advisories are a service to our customers
intended to promote secure installation and use of SCO
products.

________________________________________________________________________
______

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (SCO/SYSV)

iD8DBQFDBOeMaqoBO7ipriERAuRJAJ0cYodhPtdCH7kyiaeMrdtCJTNMdACfVd/E
QoE27v9zH1rVoPsC+4yIx6A=
=QNAv
-----END PGP SIGNATURE-----

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus