UnixWare 7.1.4 UnixWare 7.1.3 : ppp buffer overflow

2005.10.21
Credit: iDEFENSE Labs
Risk: Medium
Local: No
Remote: Yes
CWE: CWE-119


CVSS Base Score: 7.2/10
Impact Subscore: 10/10
Exploitability Subscore: 3.9/10
Exploit range: Local
Attack complexity: Low
Authentication: No required
Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ________________________________________________________________________ ______ SCO Security Advisory Subject: UnixWare 7.1.4 UnixWare 7.1.3 : ppp buffer overflow Advisory number: SCOSA-2005.41 Issue date: 2005 October 20 Cross reference: sr894991 fz532994 erg712940 CAN-2005-2927 ________________________________________________________________________ ______ 1. Problem Description iDEFENSE has identified a Buffer Overflow vulnerability in SCO Unixware ppp prompt. Local exploitation of a buffer overflow vulnerability in the ppp binary, allows attackers to gain root privileges. This could lead to the execution of arbitrary code with root privileges, as ppp is setuid root by default. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following name CAN-2005-2927 to this issue. 2. Vulnerable Supported Versions System Binaries ---------------------------------------------------------------------- UnixWare 7.1.4 /usr/bin/ppptalk UnixWare 7.1.3 /usr/bin/ppptalk 3. Solution The proper solution is to install the latest packages. 4. UnixWare 7.1.4 4.1 Location of Fixed Binaries ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.41 4.2 Verification MD5 (erg712940.uw714.pkg.Z) = d47a9958e6dfd44c9b95e1d9489011f4 md5 is available for download from ftp://ftp.sco.com/pub/security/tools 4.3 Installing Fixed Binaries Upgrade the affected binaries with the following sequence: Download erg712940.uw714.pkg.Z to the /var/spool/pkg directory # uncompress /var/spool/pkg/erg712940.uw714.pkg.Z # pkgadd -d /var/spool/pkg/erg712940.uw714.pkg 5. UnixWare 7.1.3 5.1 Location of Fixed Binaries ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.41 5.2 Verification MD5 (erg712940.uw713.pkg.Z) = 474799fc2cda9db5c486880599e1cdcc md5 is available for download from ftp://ftp.sco.com/pub/security/tools 5.3 Installing Fixed Binaries Upgrade the affected binaries with the following sequence: Download erg712940.uw713.pkg.Z to the /var/spool/pkg directory # uncompress /var/spool/pkg/erg712940.uw713.pkg.Z # pkgadd -d /var/spool/pkg/erg712940.uw713.pkg 6. References Specific references for this advisory: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2927 SCO security resources: http://www.sco.com/support/security/index.html SCO security advisories via email http://www.sco.com/support/forums/security.html This security fix closes SCO incidents sr894991 fz532994 erg712940. 7. Disclaimer SCO is not responsible for the misuse of any of the information we provide on this website and/or through our security advisories. Our advisories are a service to our customers intended to promote secure installation and use of SCO products. 8. Acknowledgments The SCO Group would like to thank iDefense for discovering and reporting this weakness. ________________________________________________________________________ ______ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (SCO_SV) Comment: For info see http://www.gnupg.org iEYEARECAAYFAkNX5ZkACgkQaqoBO7ipriGOfQCgqXtzz8CfZImq2AYbNNRFHWf3 wxQAn3uS7ub+wfZ6/mmWiSrhqchVAHVP =H1lb -----END PGP SIGNATURE-----


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2018, cxsecurity.com

 

Back to Top