-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ______________________________________________________________________________ SCO Security Advisory Subject: OpenServer 5.0.7 OpenServer 6.0.0 : GhostScript Insecure Temporary File Creation Vulnerability Advisory number: SCOSA-2006.19 Issue date: 2006 April 11 Cross reference: fz533156 CVE-2004-0967 ______________________________________________________________________________ 1. Problem Description Ghostscript is affected by an insecure temporary file creation vulnerability. This issue is likely due to a design error that causes the application to fail to verify the existence of a file before writing to it. An attacker may leverage this issue to overwrite arbitrary files with the privileges of an unsuspecting user that activates the vulnerable application. Reportedly this issue is unlikely to facilitate privilege escalation. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0967 to this issue. 2. Vulnerable Supported Versions System Binaries ---------------------------------------------------------------------- OpenServer 5.0.7 Ghostscript package OpenServer 6.0.0 Ghostscript package 3. Solution The proper solution is to install the latest packages. 4. OpenServer 5.0.7 4.1 Location of Fixed Binaries ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.19 4.2 Verification MD5 (p533156.507_vol.tar) = ae7c290a3b686c4bc01bdd0dc4adc1af md5 is available for download from ftp://ftp.sco.com/pub/security/tools 4.3 Installing Fixed Binaries Upgrade the affected binaries with the following sequence: 1) Download p533156.507_vol.tar to a directory. 2) Extract VOL* files. # tar xvf p533156.507_vol.tar 3) Run the custom command, specify an install from media images, and specify the directory as the location of the images. 5. OpenServer 6.0.0 5.1 Location of Fixed Binaries ftp://ftp.sco.com/pub/openserver6/600/mp/osr600mp2/osr600mp2.iso 5.2 Verification MD5 (osr600mp2.iso) = 7e560dcde374eb60df2b4a599ac20d8a md5 is available for download from ftp://ftp.sco.com/pub/security/tools 5.3 Installing Fixed Binaries See the SCO OpenServer Release 6.0.0 Maintenance Pack 2 Release and Installation Notes: ftp://ftp.sco.com/pub/openserver6/600/mp/osr600mp2/osr600mp2.html 6. References Specific references for this advisory: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0967 http://www.securityfocus.com/bid/11285/references http://secunia.com/advisories/12903/ SCO security resources: http://www.sco.com/support/security/index.html SCO security advisories via email http://www.sco.com/support/forums/security.html This security fix closes SCO incidents fz533156. 7. Disclaimer SCO is not responsible for the misuse of any of the information we provide on this website and/or through our security advisories. Our advisories are a service to our customers intended to promote secure installation and use of SCO products. 8. Acknowledgments Trustix security engineers are credited with the discovery of this vulnerability. ______________________________________________________________________________ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (SCO_SV) iD8DBQFERlx3aqoBO7ipriERAsWeAJ4uhzNaylgXpqAP9cY+Ce+gPAN/XgCfYzKg W6DW022ARU40uLzbzj8gzV8= =zQ8e -----END PGP SIGNATURE-----