-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

______________________________________________________________________________

                        SCO Security Advisory

Subject:                OpenServer 5.0.5 OpenServer 5.0.6 : Various security fixes for Apache.
Advisory number:        CSSA-2003-SCO.10.1
Issue date:             2003 September 10
Cross reference:        erg712141 fz526299 sr870246
                        erg711975 fz521278 sr865893
                        erg711980 fz520245 sr861015
                        erg711980 fz520260 sr861044
______________________________________________________________________________


1. Problem Description

        This package fixes the following security issues:

        CAN-2002-0839 - The shared memory scoreboard in the HTTP daemon
        Apache 1.3.x before 1.3.27 allows any user running as the Apache
        UID to send a SIGUSR1 signal to any process as root, resulting in
        a denial of service (process kill) or possibly other behaviors
        that would not normally be allowed, by modifying the parent[].pid
        and parent[].last_rtime segments in the scoreboard.

        CAN-2002-0840 - Cross-site scripting (XSS) vulnerability in the
        default error page of Apache 2.0 before 2.0.43, and 1.3.x up to
        1.3.26, when UseCanonicalName is "Off" and support for wildcard
        DNS is present, allows remote attackers to execute script as
        other web page visitors via the Host: header.

        CAN-2002-0843 - Buffer overflows in the ApacheBench support
        program (ab.c) in Apache before 1.3.27, and Apache 2.x before
        2.0.43, allow a malicious web server to cause a denial of service
        and possibly execute arbitrary code via a long response.

        mod_ssl (www.modssl.org) is a commonly used Apache module that
        provides strong cryptography for the Apache web server. The
        module utilizes OpenSSL (formerly SSLeay) for the SSL
        implementation. modssl versions prior to 2.8.7-1.3.23
        (Feb 23, 2002) make use of the underlying OpenSSL routines in a
        manner which could overflow a buffer within the implementation.

        Vulnerabilities in the php_mime_split function may allow an
        intruder to execute arbitrary code with the privileges of the
        web server.


2. Vulnerable Supported Versions

        System                          Binaries
        ----------------------------------------------------------------------
        OpenServer 5.0.5                Apache distribution
        OpenServer 5.0.6                Apache distribution


3. Solution

        The proper solution is to install the latest packages.


4. OpenServer 5.0.5, OpenServer 5.0.6

        4.1 First install:

        oss646a - Execution Environment Supplement
        oss631b - gwxlibs supplement
        oss632b - perl supplement

        4.2 Location of Fixed Binaries

        ftp://ftp.sco.com/pub/updates/OpenServer/CSSA-2003-SCO.10

        4.3 Verification

        MD5 (VOL.000.000) = 1fc6f6ad14819316e8c1944b591da03c
        MD5 (VOL.000.001) = 5e4a1668b9e195c915d27b60d8b9930a
        MD5 (VOL.000.002) = a996524cf6cba2e4fd8718d837cb385f
        MD5 (VOL.000.003) = 6f277e38877b7c48398ff0d4c213f2db
        MD5 (VOL.000.004) = df6f1a897ffa5c153845c85a237b1625
        MD5 (VOL.000.005) = aa44f7ea160184e06de7032cc65d6299
        MD5 (VOL.000.006) = 34a110733467c4820d5e9f427d147e2d
        MD5 (VOL.000.007) = 8bcd062ea9f8b36017c71144caf89810
        MD5 (VOL.000.008) = 6667358ef32b137dc3d6a68215c36c38

        md5 is available for download from
                ftp://ftp.sco.com/pub/security/tools

        4.4 Installing Fixed Binaries

        Upgrade the affected binaries with the following sequence:

        1) Download the VOL* files to the /tmp directory

        2) Run the custom command, specify an install from media
           images, and specify the /tmp directory as the location of
           the images.


5. References

        Specific references for this advisory:
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0839
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0840
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0843
                http://httpd.apache.org/info/security_bulletin_20020617.txt
                http://www.kb.cert.org/vuls/id/297363
                http://marc.theaimsgroup.com/?l=apache-modssl&m=104800029216491&w=2

        SCO security resources:
                http://www.sco.com/support/security/index.html

        This security fix closes SCO incidents erg712141, fz526299,
        sr870246, erg711975, fz521278, sr865893, erg711980, fz520245,
        sr861015, erg711980, fz520260, sr861044.


6. Disclaimer

        SCO is not responsible for the misuse of any of the information
        we provide on this website and/or through our security
        advisories. Our advisories are a service to our customers
        intended to promote secure installation and use of SCO
        products.


7. Acknowledgements

        CAN-2002-0839: zen-parse (zen-parsegmx.net) disclosed this issue
        to iDEFENSE.
        CAN-2002-0840: This issue was reported to the ASF by Matthew
        Murphy.
        CAN-2002-0843: This issue was reported to the ASF by David
        Wagner.
        php_mime_split: This issue was reported by Stefan Esser.

______________________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2-rc1-SuSE (GNU/Linux)

iD8DBQE/X5QGaqoBO7ipriERAsd7AJ4mEqUfMcRq8CykfAD6gGtkhS04OQCgip5H
RfPGA+rWCYVFYY4bJPB5LTg=
=QsV+
-----END PGP SIGNATURE-----
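
Sections 4.3 and 4.4 call for checking the downloaded VOL files against the advisory's MD5 list before running custom. The following is an added example of that check in Python, not part of SCO's advisory or tooling: the function names are hypothetical, and the files and checksums built in `demo()` are constructed stand-ins, not the real media images.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# BSD-style line as printed in section 4.3: "MD5 (VOL.000.000) = <32 hex digits>".
# Names containing path separators are rejected so a manifest cannot point outside the directory.
MD5_LINE = re.compile(r"MD5 \(([^)/\\]+)\) = ([0-9a-fA-F]{32})\b")

def parse_manifest(text):
    """Return {filename: lowercase md5 hex} for every checksum line found in text."""
    return {name: digest.lower() for name, digest in MD5_LINE.findall(text)}

def md5_of(path, chunk=1 << 16):
    """Hash a file in chunks so large media images are not read into memory at once."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def verify(manifest, directory):
    """Label each expected file ok/MISMATCH/MISSING and any extra VOL.* file UNLISTED."""
    directory = Path(directory)
    result = {}
    for name, expected in manifest.items():
        path = directory / name
        if not path.is_file():
            result[name] = "MISSING"
        else:
            result[name] = "ok" if md5_of(path) == expected else "MISMATCH"
    for path in directory.glob("VOL.*"):
        result.setdefault(path.name, "UNLISTED")
    return result

def demo():
    """Constructed sample: small stand-in files, one altered after the manifest was built."""
    with tempfile.TemporaryDirectory() as tmp:
        tmp = Path(tmp)
        (tmp / "VOL.000.000").write_bytes(b"constructed image 0")
        (tmp / "VOL.000.001").write_bytes(b"constructed image 1")
        advisory = "".join(f"MD5 ({p.name}) = {md5_of(p)}\n" for p in sorted(tmp.glob("VOL.*")))
        advisory += "MD5 (VOL.000.002) = " + "0" * 32 + "\n"  # listed but never downloaded
        (tmp / "VOL.000.001").write_bytes(b"tampered")         # changed after listing
        (tmp / "VOL.000.009").write_bytes(b"not in the advisory")
        return verify(parse_manifest(advisory), tmp)

if __name__ == "__main__":
    for name, status in sorted(demo().items()):
        print(f"{status:9} {name}")
```

Feed `parse_manifest` the advisory text only after its PGP signature has been checked, since the MD5 list is only as trustworthy as the message carrying it.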