-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ______________________________________________________________________________ SCO Security Advisory Subject: UnixWare 7.1.1 Open UNIX 8.0.0 UnixWare 7.1.3 : ftp vulnerability with pipe symbols in filenames Advisory number: CSSA-2003-SCO.3 Issue date: 2003 March 03 Cross reference: ______________________________________________________________________________ 1. Problem Description By using a filename with a | (pipe symbol) in it, shell commands can be issued remotely on the machine of a user who is retrieving files with the FTP client program, from a compromised or malicious ftp server. This leads to a compromise of the client machine. 2. Vulnerable Supported Versions System Binaries ---------------------------------------------------------------------- UnixWare 7.1.1 /usr/bin/ftp Open UNIX 8.0.0 /usr/bin/ftp UnixWare 7.1.3 /usr/bin/ftp 3. Solution The proper solution is to install the latest packages. 4. UnixWare 7.1.1 4.1 Location of Fixed Binaries ftp://ftp.sco.com/pub/updates/UnixWare/CSSA-2003-SCO.3 4.2 Verification MD5 (erg712227.pkg.Z) = 296bbcf1394f7010397b8d90f9a9978d md5 is available for download from ftp://ftp.sco.com/pub/security/tools 4.3 Installing Fixed Binaries Upgrade the affected binaries with the following sequence: Download erg712227.pkg.Z to the /var/spool/pkg directory # uncompress /var/spool/pkg/erg712227.pkg.Z # pkgadd -d /var/spool/pkg/erg712227.pkg 5. Open UNIX 8.0.0 5.1 Location of Fixed Binaries ftp://ftp.sco.com/pub/updates/UnixWare/CSSA-2003-SCO.3 5.2 Verification MD5 (erg712227.pkg.Z) = 296bbcf1394f7010397b8d90f9a9978d md5 is available for download from ftp://ftp.sco.com/pub/security/tools 5.3 Installing Fixed Binaries Upgrade the affected binaries with the following sequence: Download erg712227.pkg.Z to the /var/spool/pkg directory # uncompress /var/spool/pkg/erg712227.pkg.Z # pkgadd -d /var/spool/pkg/erg712227.pkg 6. UnixWare 7.1.3 6.1 Location of Fixed Binaries ftp://ftp.sco.com/pub/updates/UnixWare/CSSA-2003-SCO.3 6.2 Verification MD5 (erg712227.pkg.Z) = 296bbcf1394f7010397b8d90f9a9978d md5 is available for download from ftp://ftp.sco.com/pub/security/tools 6.3 Installing Fixed Binaries Upgrade the affected binaries with the following sequence: Download erg712227.pkg.Z to the /var/spool/pkg directory # uncompress /var/spool/pkg/erg712227.pkg.Z # pkgadd -d /var/spool/pkg/erg712227.pkg 7. References Specific references for this advisory: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0041 SCO security resources: http://www.sco.com/support/security/index.html This security fix closes SCO incidents sr874929, fz527425, erg712227. 8. Disclaimer SCO is not responsible for the misuse of any of the information we provide on this website and/or through our security advisories. Our advisories are a service to our customers intended to promote secure installation and use of SCO products. 9. Acknowledgements This vulnerability was first published in 1997 on Bugtraq, and was discovered again by The Hackademy Audit team in September 2002 during a source code audit. ______________________________________________________________________________ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (SCO_SV) Comment: For info see http://www.gnupg.org iEYEARECAAYFAj5j3iMACgkQaqoBO7ipriHY4gCgjVmOcEpSoYQ/s03r11ah/eHP Kl8AnA0X2fH0v5q6ZQFXkHKcFsMihubV =TEBK -----END PGP SIGNATURE-----