-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ______________________________________________________________________________ SCO Security Advisory Subject: Linux: canna buffer overflow and denial of service Advisory number: CSSA-2003-005.0 Issue date: 2003 January 21 Cross reference: ______________________________________________________________________________ 1. Problem Description Buffer overflow in canna allows local users to execute arbitrary code as the bin user. canna does not properly validate requests, which allows remote attackers to cause a denial of service or information leak. 2. Vulnerable Supported Versions System Package ---------------------------------------------------------------------- OpenLinux 3.1.1 Server prior to canna-3.5b2-8.i386.rpm prior to canna-devel-3.5b2-8.i386.rpm prior to canna-devel-static-3.5b2-8.i386.rpm OpenLinux 3.1.1 Workstation prior to canna-3.5b2-8.i386.rpm prior to canna-devel-3.5b2-8.i386.rpm prior to canna-devel-static-3.5b2-8.i386.rpm 3. Solution The proper solution is to install the latest packages. Many customers find it easier to use the Caldera System Updater, called cupdate (or kcupdate under the KDE environment), to update these packages rather than downloading and installing them by hand. 4. OpenLinux 3.1.1 Server 4.1 Package Location ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-005.0/RPMS 4.2 Packages 91acd89bd9041e06c0a22e4d73b5bb1f canna-3.5b2-8.i386.rpm 890df673f86a9e3ef23d1770e75cc5e8 canna-devel-3.5b2-8.i386.rpm 513aedd7b706851975e4cee968a2c66a canna-devel-static-3.5b2-8.i386.rpm 4.3 Installation rpm -Fvh canna-3.5b2-8.i386.rpm rpm -Fvh canna-devel-3.5b2-8.i386.rpm rpm -Fvh canna-devel-static-3.5b2-8.i386.rpm 4.4 Source Package Location ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-005.0/SRPMS 4.5 Source Packages 3e92b7252f01b1cb0e074cbe1bcd9227 canna-3.5b2-8.src.rpm 5. OpenLinux 3.1.1 Workstation 5.1 Package Location ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2003-005.0/RPMS 5.2 Packages 198b5ab5f66121a177db0090a727552d canna-3.5b2-8.i386.rpm 17f7e5c1090eae3842b0e96e24d24852 canna-devel-3.5b2-8.i386.rpm 00c131c99ffc54975e1a7c1b2b95441f canna-devel-static-3.5b2-8.i386.rpm 5.3 Installation rpm -Fvh canna-3.5b2-8.i386.rpm rpm -Fvh canna-devel-3.5b2-8.i386.rpm rpm -Fvh canna-devel-static-3.5b2-8.i386.rpm 5.4 Source Package Location ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2003-005.0/SRPMS 5.5 Source Packages e824ab48c8e0e363d36ed1ad6b105b0c canna-3.5b2-8.src.rpm 6. References Specific references for this advisory: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1158 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1159 SCO security resources: http://www.sco.com/support/security/index.html This security fix closes SCO incidents sr873579, fz527128, erg712199. 7. Disclaimer SCO is not responsible for the misuse of any of the information we provide on this website and/or through our security advisories. Our advisories are a service to our customers intended to promote secure installation and use of SCO products. 8. Acknowledgements Shinra Aida of the Canna project and "hsj" of Shadow Penguin Security discovered and researched these vulnerabilities. ______________________________________________________________________________ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iEYEARECAAYFAj4tu5EACgkQbluZssSXDTH2BgCghCE0EK1OXIqI1IIKYpompgJM 4MEAnjMtGW+IsigHi7lPG77xRXgTsdT/ =2zGz -----END PGP SIGNATURE-----