-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

______________________________________________________________________________

			SCO Security Advisory

Subject:		OpenServer 5.0.7 OpenServer 5.0.6 OpenServer 5.0.5 : wu-ftpd fb_realpath() off-by-one bug
Advisory number: 	CSSA-2003-SCO.20
Issue date: 		2003 September 18
Cross reference:	sr882339 fz528115 erg712363
______________________________________________________________________________


1. Problem Description

	 Wu-ftpd FTP server contains remotely exploitable off-by-one
	 bug. A local or remote attacker could exploit this
	 vulnerability to gain root privileges on a vulnerable
	 system. 
	 
	 The Common Vulnerabilities and Exposures project
	 (cve.mitre.org) has assigned the name CAN-2003-0466 to
	 this issue.


2. Vulnerable Supported Versions

	System				Binaries
	----------------------------------------------------------------------
	OpenServer 5.0.5 - 5.0.7	/etc/ftpd

3. Solution

	The proper solution is to install the latest packages.


4. OpenServer 5.0.7

	4.1 Install Maintenance pack 1.

	4.2 Location of Maintenance pack 1.

	ftp://ftp.sco.com/pub/openserver5/osr507mp/

	4.3 Installing Maintenance pack 1.

	Upgrade the affected binaries with the following sequence:

	1) Download the VOL* files to the /tmp directory

	2) Run the custom command, specify an install from media
	images, and specify the /tmp directory as the location of
	the images.

5. OpenServer 5.0.6 - 5.0.5

	5.1 First, install:

		OSS646B - Execution Environment Supplement

	5.2 Location of Fixed Binaries

	ftp://ftp.sco.com/pub/updates/OpenServer/CSSA-2003-SCO.20

	5.3 Verification

	MD5 (VOL.000.000) = 7cde8ff3cf05658b054dae20f6620bcb

	md5 is available for download from
		ftp://ftp.sco.com/pub/security/tools


	5.4 Installing Fixed Binaries

	Upgrade the affected binaries with the following sequence:

	1) Download the VOL* files to the /tmp directory

	2) Run the custom command, specify an install from media
	images, and specify the /tmp directory as the location of
	the images.


6. References

	Specific references for this advisory:
		http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0466 
		http://isec.pl/vulnerabilities/isec-0011-wu-ftpd.txt 
		http://www.ciac.org/ciac/bulletins/n-132.shtml

	SCO security resources:
		http://www.sco.com/support/security/index.html

	This security fix closes SCO incidents sr882339 fz528115
	erg712363.


8. Disclaimer

	SCO is not responsible for the misuse of any of the information
	we provide on this website and/or through our security
	advisories. Our advisories are a service to our customers
	intended to promote secure installation and use of SCO
	products.


9. Acknowledgments

	 SCO would like to thank Wojciech Purczynski and Janusz
	 Niewiadomski for the advisory.

______________________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2-rc1-SuSE (GNU/Linux)

iD8DBQE/bzTsaqoBO7ipriERAidHAJ4wpBW9J3GCPEwn6Mak9t5+XAZAwgCghQSs
q7S5CxTJrBp2c0KqG+NM+Zw=
=4pz6
-----END PGP SIGNATURE-----