Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2006.0002 -- [UNIX/Linux][SCO] New cpio patches fix multiple vulnerabilities 4 January 2006 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: cpio Publisher: SCO Operating System: UNIX variants (UNIX, Linux, OSX) Impact: Overwrite Arbitrary Files Inappropriate Access Access: Existing Account CVE Names: CVE-2005-1229 CVE-2005-1111 Ref: ESB-2005.0468 Original Bulletin: ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.2/SCOSA-2006.2.txt - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ______________________________________________________________________________ SCO Security Advisory Subject: OpenServer 5.0.7 OpenServer 6.0.0 : cpio Multiple Vulnerabilities Advisory number: SCOSA-2006.2 Issue date: 2006 January 03 Cross reference: sr893933 fz532332 erg712853 sr894845 fz532911 erg712912 CVE-2005-1111 CVE-2005-1229 ______________________________________________________________________________ 1. Problem Description A race condition in cpio allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by cpio after the decompression is complete. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-1111 to this issue. A directory traversal vulnerability allows remote attackers to write to arbitrary directories via a .. (dot dot) in a cpio file. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-1229 to this issue 2. Vulnerable Supported Versions System Binaries ---------------------------------------------------------------------- OpenServer 5.0.7 /usr/gnu/bin/gcpio OpenServer 6.0.0 /usr/bin/cpio, /usr/bin/cpio.osr5 3. Solution The proper solution is to install the latest packages. 4. OpenServer 5.0.7 4.1 Location of Fixed Binaries ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.2 4.2 Verification MD5 (p532332.507_vol.tar) = 416ce0e1f6ba629eadc883ca1283fba7 md5 is available for download from ftp://ftp.sco.com/pub/security/tools 4.3 Installing Fixed Binaries Upgrade the affected binaries with the following sequence: 1) Download p532332.507_vol.tar file to a directory. 2) Extract VOL* files. # tar xvf p532332.507_vol.tar 3) Run the custom command, specify an install from media images, and specify the directory as the location of the images. 5. OpenServer 6.0.0 5.1 Location of Fixed Binaries ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.2 5.2 Verification MD5 (p532911.600_vol.tar) = 2224558523782dbae0b529fb0cf0ff37 md5 is available for download from ftp://ftp.sco.com/pub/security/tools 5.3 Installing Fixed Binaries Upgrade the affected binaries with the following sequence: 1) Download p532911.600_vol.tar file to a directory. 2) Extract VOL* files. # tar xvf p532911.600_vol.tar 3) Run the custom command, specify an install from media images, and specify the directory as the location of the images. 6. References Specific references for this advisory: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1111 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1229 http://xforce.iss.net/xforce/xfdb/20204 SCO security resources: http://www.sco.com/support/security/index.html SCO security advisories via email http://www.sco.com/support/forums/security.html This security fix closes SCO incidents sr893933 fz532332 erg712853 sr894845 fz532911 erg712912. 7. Disclaimer SCO is not responsible for the misuse of any of the information we provide on this website and/or through our security advisories. Our advisories are a service to our customers intended to promote secure installation and use of SCO products. 8. Acknowledgments The SCO Group would like to thank Imran Ghory for the initial report. ______________________________________________________________________________ - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (UnixWare) iD8DBQFDutvSaqoBO7ipriERAotsAJ93QFuCrfqnGpo9ZI/0WrAZY2QESwCeMB0P /k50mfVF8FuQU7x/P0lHfyo= =RLvy - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: http://www.auscert.org.au/render.html?cid=1980 If you believe that your computer system has been compromised or attacked in any way, we encourage you to let us know by completing the secure National IT Incident Reporting Form at: http://www.auscert.org.au/render.html?it=3192 =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQCVAwUBQ7sXOih9+71yA2DNAQLXHgP7BMbZ2du/hdECp39iZVOk+fT5WqM3FmJU wBTUWoHpdU6lfNu2PWNA8PZDDk+R+2Hl3MSE1tKcKSI6tSfW+Z+4IupNdsZ9OqKk 7T+vwd2w1jC7xKBgVEarP/Of3uHYueSMH1oV7++wyTeaqOoD25mbdH6hbfYj9vzh P9/UFHaeM/s= =UdtW -----END PGP SIGNATURE-----