______________________________________________________________________________

                        SCO Security Advisory

Subject:                UnixWare 7.1.4 UnixWare 7.1.3 : Zlib 1.2 < 1.2.3 buffer overflow arbitrary code exec

Advisory number:        SCOSA-2005.33
Issue date:             2005 August 19
Cross reference:        sr894695 fz532826 erg712898 CAN-2005-1849 CAN-2005-2096 CAN-2004-0797
______________________________________________________________________________

1. Problem Description

    The error handling in the (1) inflate and (2) inflateBack functions in
    the zlib compression library 1.2.x allows local users to cause a denial
    of service (application crash).

    The Common Vulnerabilities and Exposures project (cve.mitre.org) has
    assigned the name CAN-2004-0797 to this issue.

    inftrees.h in zlib 1.2.2 allows remote attackers to cause a denial of
    service (application crash) via an invalid file that causes a large
    dynamic tree to be produced.

    The Common Vulnerabilities and Exposures project (cve.mitre.org) has
    assigned the name CAN-2005-1849 to this issue.

    Buffer overflow in zlib 1.2 and later versions allows remote attackers
    to cause a denial of service (crash) via a crafted compressed stream,
    as demonstrated using a crafted PNG file.

    The Common Vulnerabilities and Exposures project (cve.mitre.org) has
    assigned the name CAN-2005-2096 to this issue.

2. Vulnerable Supported Versions

    System                  Binaries
    ----------------------------------------------------------------------
    UnixWare 7.1.4          /usr/include/zconf.h
                            /usr/include/zlib.h
                            /usr/lib/libz.a
                            /usr/lib/libz.so.1.2.3

    UnixWare 7.1.3          /usr/include/zconf.h
                            /usr/include/zlib.h
                            /usr/lib/libz.a
                            /usr/lib/libz.so.1.2.3

3. Solution

    The proper solution is to install the latest packages.
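    As an added example (not part of SCO's advisory and not zlib's or
    UnixWare's own code), the following Python shows the two checks that
    follow from section 1: whether the zlib actually loaded at run time is
    at least 1.2.3, and how to hand untrusted compressed data to inflate so
    that a corrupt, truncated, or over-expanding stream is rejected instead
    of being processed to a crash. Python's zlib module calls the system
    libz, so ZLIB_RUNTIME_VERSION reports the library a libz.so upgrade
    replaced. The function names, the 1.2.3 threshold tuple and the sample
    streams are this example's own assumptions and constructed inputs.

```python
import zlib

# First zlib release the advisory treats as fixed ("Zlib 1.2 < 1.2.3").
FIXED_VERSION = (1, 2, 3)


def parse_version(version: str) -> tuple:
    """Turn a zlib version string such as '1.2.3' into a comparable tuple.

    A trailing non-numeric component (for example the '.zlib-ng' suffix
    some builds append) is dropped rather than compared.
    """
    parts = []
    for piece in version.split("."):
        if not piece.isdigit():
            break
        parts.append(int(piece))
    return tuple(parts)


def zlib_is_fixed(version: str = zlib.ZLIB_RUNTIME_VERSION) -> bool:
    """True if the zlib linked at run time is 1.2.3 or later.

    ZLIB_RUNTIME_VERSION is the shared library in use, which is what a
    package upgrade changes; zlib.ZLIB_VERSION is only the header version
    the interpreter was compiled against and does not move on upgrade.
    """
    return parse_version(version) >= FIXED_VERSION


def inflate_bounded(data: bytes, max_out: int) -> bytes:
    """Inflate an untrusted zlib stream with a hard cap on output size.

    Raises ValueError for a corrupt stream, a truncated stream, or a
    stream whose decompressed size would exceed max_out, so the caller
    never consumes partial output from a stream zlib did not accept.
    """
    d = zlib.decompressobj()
    try:
        # Request one byte more than allowed: if we receive it, the stream
        # is larger than the bound and is rejected without inflating the
        # remainder (zlib keeps the rest in d.unconsumed_tail).
        out = d.decompress(data, max_out + 1)
    except zlib.error as exc:
        # Bad header, invalid code tree, bad Adler-32: zlib reports each
        # as zlib.error rather than continuing on the malformed input.
        raise ValueError(f"corrupt compressed stream: {exc}") from None
    if len(out) > max_out:
        raise ValueError(f"decompressed size exceeds {max_out} bytes")
    if not d.eof:
        # Input ended before the final block and the Adler-32 trailer.
        raise ValueError("truncated compressed stream")
    return out


def inflate_is_rejected(data: bytes, max_out: int) -> bool:
    """True if inflate_bounded refuses the stream."""
    try:
        inflate_bounded(data, max_out)
    except ValueError:
        return True
    return False


# Constructed sample inputs (not taken from the advisory) for the checks.
SAMPLE_PLAIN = b"UnixWare 7.1.4 " * 64
SAMPLE_GOOD = zlib.compress(SAMPLE_PLAIN)
SAMPLE_BOMB = zlib.compress(b"\x00" * 1_000_000)      # ~1000:1 expansion
SAMPLE_TRUNCATED = SAMPLE_GOOD[: len(SAMPLE_GOOD) // 2]
SAMPLE_GARBAGE = b"\x00\x00\x00\x00"                   # CMF/FLG pass %31, CM != 8

if __name__ == "__main__":
    print("runtime zlib:", zlib.ZLIB_RUNTIME_VERSION, "fixed:", zlib_is_fixed())
    print("good stream accepted:", not inflate_is_rejected(SAMPLE_GOOD, 4096))
    print("over-expanding stream rejected:", inflate_is_rejected(SAMPLE_BOMB, 65536))
    print("truncated stream rejected:", inflate_is_rejected(SAMPLE_TRUNCATED, 4096))
    print("garbage header rejected:", inflate_is_rejected(SAMPLE_GARBAGE, 4096))
```

    The output bound and the error handling protect the caller from a
    misbehaving stream, but they cannot repair a defect inside libz
    itself; the version check is what tells an administrator whether the
    patched library from the package in sections 4 and 5 is the one
    actually being loaded.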
4. UnixWare 7.1.4

    4.1 Location of Fixed Binaries

    ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.33

    4.2 Verification

    MD5 (zlib-1.2.3.pkg) = 093c1604ab8a9becff0239927b4953ad

    md5 is available for download from
        ftp://ftp.sco.com/pub/security/tools

    4.3 Installing Fixed Binaries

    Upgrade the affected binaries with the following sequence:

    Download zlib-1.2.3.pkg to the /var/spool/pkg directory

    # pkgadd -d /var/spool/pkg/zlib-1.2.3.pkg

5. UnixWare 7.1.3

    5.1 Location of Fixed Binaries

    ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.33

    5.2 Verification

    MD5 (zlib-1.2.3.pkg) = 093c1604ab8a9becff0239927b4953ad

    md5 is available for download from
        ftp://ftp.sco.com/pub/security/tools

    5.3 Installing Fixed Binaries

    Upgrade the affected binaries with the following sequence:

    Download zlib-1.2.3.pkg to the /var/spool/pkg directory

    # pkgadd -d /var/spool/pkg/zlib-1.2.3.pkg

6. References

    Specific references for this advisory:
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1849
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2096
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0797
        http://www.kb.cert.org/vuls/id/238678
        http://www.kb.cert.org/vuls/id/680620

    SCO security resources:
        http://www.sco.com/support/security/index.html

    SCO security advisories via email
        http://www.sco.com/support/forums/security.html

    This security fix closes SCO incidents sr894695 fz532826 erg712898.

7. Disclaimer

    SCO is not responsible for the misuse of any of the information we
    provide on this website and/or through our security advisories. Our
    advisories are a service to our customers intended to promote secure
    installation and use of SCO products.

8. Acknowledgments

    The SCO Group would like to thank Mark Adler for his research.

______________________________________________________________________________