-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

______________________________________________________________________________

			SCO Security Advisory

Subject:		OpenServer 6.0.0 : X.Org X Server Arbitrary Code Execution Vulnerability
Advisory number: 	SCOSA-2006.14
Issue date: 		2006 March 16
Cross reference:	fz532984
			CVE-2005-2495 
			VU#102441 
______________________________________________________________________________


1. Problem Description

	Multiple X Window System server applications share code
	that may contain a flaw in the memory allocation for large
	pixmaps. The affected products include the X.Org X server 
	applications.
	
	An integer overflow condition may result in a memory allocation
	request returning an allocated region that is incorrectly
	sized. The client may then be able to use the XDrawPoint()
	and XGetImage() functions to read and write to arbitrary
	locations in the X server's address space.
	
	A malicious local authenticated attacker may be able to
	execute arbitrary code with the privileges of the X server.
	
	The Common Vulnerabilities and Exposures project
	(cve.mitre.org) has assigned the name CVE-2005-2495 to
	this issue.


2. Vulnerable Supported Versions

	System				Binaries
	----------------------------------------------------------------------
	OpenServer 6.0.0 		XORGServer package


3. Solution

	The proper solution is to install the latest packages.


4. OpenServer 6.0.0

	4.1 Location of Fixed Binaries

	ftp://ftp.sco.com/pub/openserver6/600/mp/osr600mp2/osr600mp2.iso


	4.2 Verification

	MD5 (osr600mp2.iso) = 7e560dcde374eb60df2b4a599ac20d8a

	md5 is available for download from
		ftp://ftp.sco.com/pub/security/tools


	4.3 Installing Fixed Binaries

	See the SCO OpenServer Release 6.0.0 Maintenance Pack 2 Release
	and Installation Notes:

	ftp://ftp.sco.com/pub/openserver6/600/mp/osr600mp2/osr600mp2.html


5. References

	Specific references for this advisory:
		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2495
		http://www.kb.cert.org/vuls/id/102441 
		https://bugs.freedesktop.org/show_bug.cgi?id=594 
		http://secunia.com/advisories/16790/ 
		http://secunia.com/advisories/16777/

	SCO security resources:
		http://www.sco.com/support/security/index.html

	SCO security advisories via email
		http://www.sco.com/support/forums/security.html

	This security fix closes SCO incidents fz532984.


6. Disclaimer

	SCO is not responsible for the misuse of any of the information
	we provide on this website and/or through our security
	advisories. Our advisories are a service to our customers intended
	to promote secure installation and use of SCO products.


7. Acknowledgments

	Thanks to Luke Hutchison and Søren Sandmann Pedersen for reporting
	this vulnerability.

______________________________________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (SCO_SV)

iD8DBQFEGcnSaqoBO7ipriERAnujAJ9ZaNb+8CBGF/WlMM8sZFfxzSxPrwCePpaI
m3yj3A369pIAJ4mnk1WZaAw=
=DgP7
-----END PGP SIGNATURE-----