-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

______________________________________________________________________________

			SCO Security Advisory

Subject:		UnixWare 7.1.4 : Gzip Multiple Vulnerabilities
Advisory number:	SCOSA-2005.58
Issue date:		2005 December 16
Cross reference:	sr894862 erg712915 fz532919
			CVE-2005-0758 CVE-2005-0988 CVE-2005-1228
______________________________________________________________________________


1. Problem Description

	zgrep in gzip does not properly sanitize arguments, which allows
	local users to execute arbitrary commands via filenames that are
	injected into a sed script.
	
	The Common Vulnerabilities and Exposures project (cve.mitre.org)
	has assigned the name CVE-2005-0758 to this issue.
	
	Race condition in gzip, when decompressing a gzipped file,
	allows local users to modify permissions of arbitrary files via
	a hard link attack on a file while it is being decompressed,
	whose permissions are changed by gzip after the decompression is
	complete.
	
	The Common Vulnerabilities and Exposures project (cve.mitre.org)
	has assigned the name CVE-2005-0988 to this issue.
	
	Directory traversal vulnerability in gunzip -N allows remote
	attackers to write to arbitrary directories via a .. (dot dot)
	in the original filename within a compressed file.
	
	The Common Vulnerabilities and Exposures project (cve.mitre.org)
	has assigned the name CVE-2005-1228 to this issue.


2. Vulnerable Supported Versions

	System				Binaries
	----------------------------------------------------------------------
	UnixWare 7.1.4 			gzip distribution


3. Solution

	The proper solution is to install the latest packages.


4. UnixWare 7.1.4

	4.1 Location of Fixed Binaries

	ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.58


	4.2 Verification

	MD5 (gzip.image) = 82e72a751b0cfee5e7e51680052d2651

	md5 is available for download from
		ftp://ftp.sco.com/pub/security/tools


	4.3 Installing Fixed Binaries

	Upgrade the affected binaries with the following sequence:

	Download gzip.image to the /var/spool/pkg directory.

	# pkgadd -d /var/spool/pkg/gzip.image


5. References

	Specific references for this advisory:
		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0758
		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0988
		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1228
		http://secunia.com/advisories/15047
		http://www.securityfocus.com/bid/12996
		http://xforce.iss.net/xforce/xfdb/20199

	SCO security resources:
		http://www.sco.com/support/security/index.html

	SCO security advisories via email
		http://www.sco.com/support/forums/security.html

	This security fix closes SCO incidents sr894862 erg712915
	fz532919.


6. Disclaimer

	SCO is not responsible for the misuse of any of the information
	we provide on this website and/or through our security
	advisories. Our advisories are a service to our customers
	intended to promote secure installation and use of SCO
	products.

______________________________________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (UnixWare)

iD8DBQFDoz+WaqoBO7ipriERAnT1AJ9Oo0xrb4AXRUHL5nbA51jJuzxiIQCgmTHI
G/Y6bv22+MAt3Okm+FhJo7U=
=pF7S
-----END PGP SIGNATURE-----