-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

______________________________________________________________________________

                        SCO Security Advisory

Subject:                OpenServer 5.0.7 OpenServer 6.0.0 : Gzip Multiple Vulnerabilities
Advisory number:        SCOSA-2005.59
Issue date:             2005 December 16
Cross reference:        sr864726 erg712907 fz532854 sr864725 erg712906 fz532855
                        CVE-2005-0758 CVE-2005-0988 CVE-2005-1228
______________________________________________________________________________


1. Problem Description

        zgrep in gzip does not properly sanitize arguments, which
        allows local users to execute arbitrary commands via filenames
        that are injected into a sed script.

        The Common Vulnerabilities and Exposures project (cve.mitre.org)
        has assigned the name CVE-2005-0758 to this issue.

        Race condition in gzip, when decompressing a gzipped file,
        allows local users to modify permissions of arbitrary files
        via a hard link attack on a file while it is being decompressed,
        whose permissions are changed by gzip after the decompression
        is complete.

        The Common Vulnerabilities and Exposures project (cve.mitre.org)
        has assigned the name CVE-2005-0988 to this issue.

        Directory traversal vulnerability in gunzip -N allows remote
        attackers to write to arbitrary directories via a .. (dot dot)
        in the original filename within a compressed file.

        The Common Vulnerabilities and Exposures project (cve.mitre.org)
        has assigned the name CVE-2005-1228 to this issue.


2. Vulnerable Supported Versions

        System                          Binaries
        ----------------------------------------------------------------------
        OpenServer 5.0.7                gzip distribution
        OpenServer 6.0.0                gzip distribution


3. Solution

        The proper solution is to install the latest packages.


4. OpenServer 5.0.7

        4.1 Location of Fixed Binaries

        The fixes are only available in SCO OpenServer Release 5.0.7
        Maintenance Pack 4 or later.

        ftp://ftp.sco.com/pub/openserver5/507/mp/osr507mp4/osr507mp4_vol.tar

        4.2 Verification

        MD5 (osr507mp4_vol.tar) = 4c87d840ff5b43221258547d19030228

        md5 is available for download from
                ftp://ftp.sco.com/pub/security/tools

        4.3 Installing Fixed Binaries

        See the SCO OpenServer Release 5.0.7 Maintenance Pack 4 Release
        and Installation Notes:

        ftp://ftp.sco.com/pub/openserver5/507/mp/osr507mp4/osr507mp4.htm


5. OpenServer 6.0.0

        5.1 Location of Fixed Binaries

        ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.59

        5.2 Verification

        MD5 (VOL.000.000) = 2f882aed13d5d0386880fad4f0ee8860

        md5 is available for download from
                ftp://ftp.sco.com/pub/security/tools

        5.3 Installing Fixed Binaries

        Upgrade the affected binaries with the following sequence:

        1) Download the VOL* files to a directory.

        2) Run the custom command, specify an install from media
           images, and specify the directory as the location of the
           images.


6. References

        Specific references for this advisory:
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0758
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0988
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1228
                http://secunia.com/advisories/15047
                http://www.securityfocus.com/bid/12996
                http://xforce.iss.net/xforce/xfdb/20199

        SCO security resources:
                http://www.sco.com/support/security/index.html

        SCO security advisories via email
                http://www.sco.com/support/forums/security.html

        This security fix closes SCO incidents sr864726 erg712907
        fz532854 sr864725 erg712906 fz532855.


7. Disclaimer

        SCO is not responsible for the misuse of any of the information
        we provide on this website and/or through our security
        advisories. Our advisories are a service to our customers
        intended to promote secure installation and use of SCO
        products.

______________________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (UnixWare)

iD8DBQFDo0QsaqoBO7ipriERAiD7AJ9uMkNTFe+HMx1knQGlNXAbxT+wagCfUtMO
lkaSesgOnhrzol2tEWkeBDM=
=uGJ7
-----END PGP SIGNATURE-----
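
The gunzip -N issue described above (CVE-2005-1228) comes from trusting the original filename stored in the gzip header. The Python sketch below is an added example, not part of the SCO advisory or of the gzip source: it reads that field as laid out in RFC 1952 and reports why a stored name is unsafe to use as an output path. The function names and the sample inputs are constructed for illustration.

```python
import struct

FEXTRA, FNAME = 0x04, 0x08  # FLG bits defined in RFC 1952


def stored_name(data):
    """Return the original-filename (FNAME) field of a gzip member, or None."""
    if len(data) < 10 or data[:2] != b"\x1f\x8b":
        raise ValueError("not a gzip stream")
    flags, pos = data[3], 10  # fixed header: magic, CM, FLG, MTIME, XFL, OS
    if flags & FEXTRA:  # the optional extra field precedes the name
        if len(data) < pos + 2:
            raise ValueError("truncated FEXTRA field")
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if not flags & FNAME:
        return None
    end = data.find(b"\x00", pos)
    if end == -1:
        raise ValueError("unterminated FNAME field")
    return data[pos:end].decode("latin-1")  # RFC 1952: ISO 8859-1


def unsafe_reasons(name):
    """Reasons the stored name must not be used directly as an output path."""
    reasons = []
    if name is None:
        return reasons
    if "/" in name:
        reasons.append("path separator")
    if ".." in name.split("/"):
        reasons.append("'..' component")
    if name in ("", "."):
        reasons.append("empty name")
    return reasons


def make_sample(name, extra=b""):
    """Constructed input: gzip member with the given FNAME, empty payload."""
    flags = FNAME | (FEXTRA if extra else 0)
    head = b"\x1f\x8b\x08" + bytes([flags]) + b"\x00" * 4 + b"\x00\x03"
    if extra:
        head += struct.pack("<H", len(extra)) + extra
    # b"\x03\x00" is an empty raw-deflate stream; CRC32 and ISIZE are both 0
    return head + name + b"\x00" + b"\x03\x00" + b"\x00" * 8


if __name__ == "__main__":
    for raw in (b"notes.txt", b"../../tmp/x"):  # constructed names
        name = stored_name(make_sample(raw))
        print(repr(name), unsafe_reasons(name) or "ok")
```

On a system that cannot be patched immediately, a check like this can screen archives from untrusted sources before anything restores stored names; a wrapper that must honour -N can reduce the stored name to its final path component first.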