______________________________________________________________________________

                        SCO Security Advisory

Subject:                UnixWare 7.1.3 UnixWare 7.1.4 OpenServer 5.0.6 OpenServer 5.0.7 : Telnet Environment Leakage
Advisory number:        SCOSA-2005.35
Issue date:             2005 August 31
Cross reference:        sr893937 fz532338 erg712857 sr893938 fz532339 erg712858 CAN-2005-0488
______________________________________________________________________________

1. Problem Description

        Certain BSD-based Telnet clients allow remote malicious Telnet
        servers to read sensitive environment variables via the
        NEW-ENVIRON option with a SEND ENV_USERVAR command.

        The Common Vulnerabilities and Exposures project (cve.mitre.org)
        has assigned the name CAN-2005-0488 to this issue.

2. Vulnerable Supported Versions

        System                          Binaries
        ----------------------------------------------------------------------
        UnixWare 7.1.3                  /usr/bin/telnet
        UnixWare 7.1.4                  /usr/bin/telnet
        OpenServer 5.0.6                /usr/bin/telnet
        OpenServer 5.0.7                /usr/bin/telnet

3. Solution

        The proper solution is to install the latest packages.

4. UnixWare 7.1.3

  4.1 Location of Fixed Binaries

        ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.35

  4.2 Verification

        MD5 (erg712857.pkg.Z) = ffeb042ca8d45a144164c3637951bcbb

        md5 is available for download from
        ftp://ftp.sco.com/pub/security/tools

  4.3 Installing Fixed Binaries

        Upgrade the affected binaries with the following sequence:

        Download erg712857.pkg.Z to the /var/spool/pkg directory

        # uncompress /var/spool/pkg/erg712857.pkg.Z
        # pkgadd -d /var/spool/pkg/erg712857.pkg

5. UnixWare 7.1.4

  5.1 Location of Fixed Binaries

        ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.35

  5.2 Verification

        MD5 (erg712857.pkg.Z) = ffeb042ca8d45a144164c3637951bcbb

        md5 is available for download from
        ftp://ftp.sco.com/pub/security/tools

  5.3 Installing Fixed Binaries

        Upgrade the affected binaries with the following sequence:

        Download erg712857.pkg.Z to the /var/spool/pkg directory

        # uncompress /var/spool/pkg/erg712857.pkg.Z
        # pkgadd -d /var/spool/pkg/erg712857.pkg

6. OpenServer 5.0.6

  6.1 Location of Fixed Binaries

        ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.35

  6.2 Verification

        MD5 (VOL.000.000) = f363d6f0574d5b3ef414af6ddc56b6ab

        md5 is available for download from
        ftp://ftp.sco.com/pub/security/tools

  6.3 Installing Fixed Binaries

        Upgrade the affected binaries with the following sequence:

        1) Download the VOL* files to a directory

        2) Run the custom command, specify an install from media
           images, and specify the directory as the location of
           the images.

7. OpenServer 5.0.7

  7.1 Location of Fixed Binaries

        ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.35

  7.2 Verification

        MD5 (VOL.000.000) = f363d6f0574d5b3ef414af6ddc56b6ab

        md5 is available for download from
        ftp://ftp.sco.com/pub/security/tools

  7.3 Installing Fixed Binaries

        Upgrade the affected binaries with the following sequence:

        1) Download the VOL* files to a directory

        2) Run the custom command, specify an install from media
           images, and specify the directory as the location of
           the images.

8. References

        Specific references for this advisory:

        http://idefense.com/application/poi/display?id=260&type=vulnerabilities
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0488

        SCO security resources:

        http://www.sco.com/support/security/index.html

        SCO security advisories via email

        http://www.sco.com/support/forums/security.html

        This security fix closes SCO incidents sr893937 fz532338
        erg712857 sr893938 fz532339 erg712858.

9. Disclaimer

        SCO is not responsible for the misuse of any of the information
        we provide on this website and/or through our security
        advisories. Our advisories are a service to our customers
        intended to promote secure installation and use of SCO products.

10. Acknowledgments

        The SCO Group would like to thank Gael Delalleau for alerting
        the public to this problem.

______________________________________________________________________________
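Added example, not part of SCO's advisory or its telnet code: it decodes the NEW-ENVIRON SEND subnegotiation described in section 1 and builds the client's IS reply under the policy that closes the leak (answer only well-known VARs and USERVARs the user explicitly exported). Byte values follow RFC 854 / RFC 1572; the `exported` set and the environment dictionary are assumed inputs supplied by the caller.

```python
# Added example, not SCO's code. Byte values follow RFC 854 / RFC 1572.
IAC, SB, SE, NEW_ENVIRON = 255, 250, 240, 39
IS, SEND, VAR, VALUE, ESC, USERVAR = 0, 1, 0, 1, 2, 3
WELL_KNOWN = {"USER", "JOB", "ACCT", "PRINTER", "SYSTEMTYPE", "DISPLAY"}  # RFC 1572

def parse_send(sub):
    """Parse the bytes between IAC SB NEW-ENVIRON and IAC SE (IAC IAC undoubled); '' name = all of that type."""
    if not sub or sub[0] != SEND:
        raise ValueError("not a NEW-ENVIRON SEND")
    reqs, i = [], 1
    while i < len(sub):
        typ, i = sub[i], i + 1
        if typ not in (VAR, USERVAR):
            raise ValueError("unexpected type byte %d" % typ)
        name = bytearray()
        while i < len(sub) and sub[i] not in (VAR, USERVAR):
            if sub[i] == ESC:  # ESC marks the next byte as literal
                i += 1
                if i >= len(sub):
                    raise ValueError("dangling ESC")
            name.append(sub[i])
            i += 1
        reqs.append((typ, name.decode("latin-1")))
    return reqs

def _enc(s):
    """Escape type bytes with ESC and double IAC inside subnegotiation data."""
    out = bytearray()
    for c in s.encode("latin-1"):
        if c in (VAR, VALUE, ESC, USERVAR):
            out.append(ESC)
        elif c == IAC:
            out.append(IAC)
        out.append(c)
    return bytes(out)

def build_is(reqs, env, exported):
    """Reply only with well-known VARs and USERVARs the user explicitly exported
    (the fixed-client policy); everything else the server asks for is omitted."""
    body = bytearray([IS])
    for typ, name in reqs:
        if typ == VAR:
            names = WELL_KNOWN if name == "" else {name} & WELL_KNOWN
        else:
            names = exported if name == "" else {name} & exported
        for n in sorted(names):
            body += bytes([typ]) + _enc(n)
            if n in env:  # defined variable gets a VALUE, undefined just the name
                body += bytes([VALUE]) + _enc(env[n])
    return bytes([IAC, SB, NEW_ENVIRON]) + bytes(body) + bytes([IAC, SE])
```

A vulnerable client differs from `build_is` only in the USERVAR branch: it would look up any requested name in the process environment instead of intersecting with `exported`.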