Subject: OpenServer 5.0.6 OpenServer 5.0.7 : cscope local attacker can remove arbitrary files
Advisory number: SCOSA-2005.11
Issue date: 2005 April 7
Cross reference: sr892180 fz530504 erg712739 CAN-2004-0996
________________________________________________________________________
______
1. Problem Description
cscope is a developer's tool for browsing source code.
cscope creates temporary files with an easily predictable
file name. A local attacker could exploit this vulnerability
and possibly gain elevated privileges on the system.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CAN-2004-0996 to this issue.
2. Vulnerable Supported Versions
System Binaries
----------------------------------------------------------------------
OpenServer 5.0.6 /usr/ccs/bin/cscope
OpenServer 5.0.7 /usr/ccs/bin/cscope
3. Solution
The proper solution is to install the latest packages.
md5 is available for download from
ftp://ftp.sco.com/pub/security/tools
5.3 Installing Fixed Binaries
Upgrade the affected binaries with the following sequence:
1) Download the VOL* files to a directory
2) Run the custom command, specify an install from media
images, and specify the directory as the location of the
images.
6. References
Specific references for this advisory:
http://xforce.iss.net/xforce/xfdb/18125
http://www.securityfocus.com/bid/11697
http://marc.theaimsgroup.com/?l=bugtraq&m=110133485519690&w=2
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0996
SCO security advisories via email
http://www.sco.com/support/forums/security.html
This security fix closes SCO incidents sr892180 fz530504
erg712739.
7. Disclaimer
SCO is not responsible for the misuse of any of the information
we provide on this website and/or through our security
advisories. Our advisories are a service to our customers
intended to promote secure installation and use of SCO
products.
8. Acknowledgments
SCO would like to thank Gangstuck / Psirac <research (at) rexotec (dot) com [email concealed]>
who disclosed this vulnerability. Jeremy Bae from STG
Security Inc <swbae (at) stgsecurity (dot) com [email concealed]> also disclosed this
vulnerability to the vendor.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
________________________________________________________________________
______
SCO Security Advisory
Subject: OpenServer 5.0.6 OpenServer 5.0.7 : cscope local attacker can remove arbitrary files
Advisory number: SCOSA-2005.11
Issue date: 2005 April 7
Cross reference: sr892180 fz530504 erg712739 CAN-2004-0996
________________________________________________________________________
______
1. Problem Description
cscope is a developer's tool for browsing source code.
cscope creates temporary files with an easily predictable
file name. A local attacker could exploit this vulnerability
and possibly gain elevated privileges on the system.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CAN-2004-0996 to this issue.
2. Vulnerable Supported Versions
System Binaries
----------------------------------------------------------------------
OpenServer 5.0.6 /usr/ccs/bin/cscope
OpenServer 5.0.7 /usr/ccs/bin/cscope
3. Solution
The proper solution is to install the latest packages.
4. OpenServer 5.0.6
4.1 Location of Fixed Binaries
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.11
4.2 Verification
MD5 (VOL.000.000) = 1fb21699e2a86a2aeb390a57219ff567
md5 is available for download from
ftp://ftp.sco.com/pub/security/tools
4.3 Installing Fixed Binaries
Upgrade the affected binaries with the following sequence:
1) Download the VOL* files to a directory
2) Run the custom command, specify an install from media
images, and specify the directory as the location of the
images.
5. OpenServer 5.0.7
5.1 Location of Fixed Binaries
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.11
5.2 Verification
MD5 (VOL.000.000) = 1fb21699e2a86a2aeb390a57219ff567
md5 is available for download from
ftp://ftp.sco.com/pub/security/tools
5.3 Installing Fixed Binaries
Upgrade the affected binaries with the following sequence:
1) Download the VOL* files to a directory
2) Run the custom command, specify an install from media
images, and specify the directory as the location of the
images.
6. References
Specific references for this advisory:
http://xforce.iss.net/xforce/xfdb/18125
http://www.securityfocus.com/bid/11697
http://marc.theaimsgroup.com/?l=bugtraq&m=110133485519690&w=2
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0996
SCO security resources:
http://www.sco.com/support/security/index.html
SCO security advisories via email
http://www.sco.com/support/forums/security.html
This security fix closes SCO incidents sr892180 fz530504
erg712739.
7. Disclaimer
SCO is not responsible for the misuse of any of the information
we provide on this website and/or through our security
advisories. Our advisories are a service to our customers
intended to promote secure installation and use of SCO
products.
8. Acknowledgments
SCO would like to thank Gangstuck / Psirac <research (at) rexotec (dot) com [email concealed]>
who disclosed this vulnerability. Jeremy Bae from STG
Security Inc <swbae (at) stgsecurity (dot) com [email concealed]> also disclosed this
vulnerability to the vendor.
________________________________________________________________________
______
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (SCO/SYSV)
iD8DBQFCVY+taqoBO7ipriERAqV1AJ9efhMnTGgI0X0i+9u69ESgLpF8xgCeI8Jj
e3dYzV4evbTDaDlU3X3QJfw=
=DCWX
-----END PGP SIGNATURE-----
[ reply ]