-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

______________________________________________________________________________

                        SCO Security Advisory

Subject:                OpenServer 5.0.7 OpenServer 6.0.0 : Xpdf PDF Viewer Multiple Vulnerabilities
Advisory number:        SCOSA-2005.42
Issue date:             2005 October 18
Cross reference:        sr894841 fz532914 erg712913
                        sr894861 fz532913 erg712914
                        CAN-2004-1125 CAN-2005-0064 CAN-2005-2097
______________________________________________________________________________


1. Problem Description

        Xpdf is an open-source viewer for Portable Document Format
        (PDF) files.

        A buffer overflow in xpdf 3.00 allows remote attackers to
        cause a denial of service (application crash) and possibly
        execute arbitrary code via a crafted PDF file that causes
        the boundaries of a maskColors array to be exceeded.

        The Common Vulnerabilities and Exposures project
        (cve.mitre.org) has assigned the name CAN-2004-1125 to
        this issue.

        A buffer overflow in xpdf 3.00 and earlier allows remote
        attackers to execute arbitrary code via a PDF file with a
        large /Encrypt /Length keyLength value.

        The Common Vulnerabilities and Exposures project
        (cve.mitre.org) has assigned the name CAN-2005-0064 to
        this issue.

        xpdf does not properly validate the "loca" table in PDF
        files, which allows local users to cause a denial of
        service (disk consumption and hang) via a PDF file with a
        "broken" loca table, which causes a large temporary file
        to be created when xpdf attempts to reconstruct the
        information.

        The Common Vulnerabilities and Exposures project
        (cve.mitre.org) has assigned the name CAN-2005-2097 to
        this issue.


2. Vulnerable Supported Versions

        System                  Binaries
        ----------------------------------------------------------------------
        OpenServer 5.0.7        xpdf distribution
        OpenServer 6.0.0        xpdf distribution


3. Solution

        The proper solution is to install the latest packages.


4. OpenServer 5.0.7

        4.1 Location of Fixed Binaries

        ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.42/507


        4.2 Verification

        MD5 (VOL.000.000) = 91322dcd210248ba4607235cb3e09436
        MD5 (VOL.000.001) = c846cdfce81f1487c3684ee3af046fa5
        MD5 (VOL.000.002) = be20d0832276353840517a3315853044
        MD5 (VOL.000.003) = 748004313dcaf8827edc261ee196c035

        md5 is available for download from
                ftp://ftp.sco.com/pub/security/tools


        4.3 Installing Fixed Binaries

        Upgrade the affected binaries with the following sequence:

        1) Download the VOL* files to a directory.

        2) Run the custom command, specify an install from media
        images, and specify the directory as the location of the
        images.


5. OpenServer 6.0.0

        5.1 Location of Fixed Binaries

        ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.42/600


        5.2 Verification

        MD5 (VOL.000.000) = 2aa83f054b614c2db53418111bd2bfb0
        MD5 (VOL.000.001) = e93806f0d79c1f9a925aeed1f4b7f659
        MD5 (VOL.000.002) = 130e116d8463b57592955064a6e86fd6
        MD5 (VOL.000.003) = a2d2a47f067527aa5a28c1a9721257b6

        md5 is available for download from
                ftp://ftp.sco.com/pub/security/tools


        5.3 Installing Fixed Binaries

        Upgrade the affected binaries with the following sequence:

        1) Download the VOL* files to a directory.

        2) Run the custom command, specify an install from media
        images, and specify the directory as the location of the
        images.


6. References

        Specific references for this advisory:
                http://www.idefense.com/application/poi/display?id=172&type=vulnerabilities
                http://www.idefense.com/application/poi/display?id=186&type=vulnerabilities
                http://lists.grok.org.uk/pipermail/full-disclosure/2004-December/030241.html

        SCO security resources:
                http://www.sco.com/support/security/index.html

        SCO security advisories via email:
                http://www.sco.com/support/forums/security.html

        This security fix closes SCO incidents sr894841 fz532914
        erg712913 sr894861 fz532913 erg712914.


7. Disclaimer

        SCO is not responsible for the misuse of any of the
        information we provide on this website and/or through our
        security advisories. Our advisories are a service to our
        customers intended to promote secure installation and use
        of SCO products.

______________________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (UnixWare)

iD8DBQFDVWDWaqoBO7ipriERAmJgAJ0d2AivC+71xWSPdrXYhJKpml0t3QCfSJiF
ka+J/vTtjx3Te+mMsG+ldeI=
=d7RF
-----END PGP SIGNATURE-----
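
The verification step in sections 4.2 and 5.2, as an added example that is not part of the SCO advisory: it parses "MD5 (NAME) = digest" lines as printed above and checks the files in a download directory against them before they are handed to custom. The function names are hypothetical and the demo uses constructed stand-in files, not the real VOL images.

```python
import hashlib
import re
import tempfile
from pathlib import Path

MD5_LINE = re.compile(r"MD5 \(([^)]+)\) = ([0-9a-fA-F]{32})\b")


def parse_md5_list(text):
    """Return {filename: digest} from BSD-style 'MD5 (NAME) = <32 hex>' lines."""
    return {name: digest.lower() for name, digest in MD5_LINE.findall(text)}


def md5_of(path, chunk=1 << 16):
    """Hash a file in chunks so large media images need not fit in memory."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def verify_dir(directory, expected):
    """Map each expected file to 'ok', 'MISMATCH' or 'MISSING'."""
    result = {}
    for name, digest in sorted(expected.items()):
        path = Path(directory) / name
        if not path.is_file():
            result[name] = "MISSING"
        else:
            result[name] = "ok" if md5_of(path) == digest else "MISMATCH"
    return result


def demo():
    """Constructed sample: stand-in files, not the real VOL images."""
    listing = (
        "MD5 (VOL.000.000) = d41d8cd98f00b204e9800998ecf8427e\n"  # empty file
        "MD5 (VOL.000.001) = b1946ac92492d2347c8c4538cb8b8a1d\n"  # b"hello\n"
        "MD5 (VOL.000.002) = 00000000000000000000000000000000\n"  # never written
    )
    with tempfile.TemporaryDirectory() as d:
        (Path(d) / "VOL.000.000").write_bytes(b"")
        (Path(d) / "VOL.000.001").write_bytes(b"tampered\n")  # altered content
        return verify_dir(d, parse_md5_list(listing))


if __name__ == "__main__":
    print(demo())
```

For a real check, pass the text of section 4.2 or 5.2 to parse_md5_list and the download directory to verify_dir, and install only if every file reports ok.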