Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » [CSSA-2002-048.0] Linux: wwwoffled remote access vulnerability

[CSSA-2002-048.0] Linux: wwwoffled remote access vulnerability

by Nikola Strahija on November 23rd, 2002 wwwoffled allows remote attackers to cause a denial of service and possibly execute arbitrary code via a negative Content-Length value.


2. Vulnerable Supported Versions

System Package
----------------------------------------------------------------------

OpenLinux 3.1.1 Workstation prior to wwwoffle-2.6b-3MR.i386.rpm

OpenLinux 3.1 Workstation prior to wwwoffle-2.6b-3MR.i386.rpm


3. Solution

The proper solution is to install the latest packages. Many
customers find it easier to use the Caldera System Updater, called
cupdate (or kcupdate under the KDE environment), to update these
packages rather than downloading and installing them by hand.


4. OpenLinux 3.1.1 Workstation

4.1 Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2002-048.0/RPMS

4.2 Packages

d54de95d9db4d19501e6b50ef63f2e31 wwwoffle-2.6b-3MR.i386.rpm

4.3 Installation

rpm -Fvh wwwoffle-2.6b-3MR.i386.rpm

4.4 Source Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2002-048.0/SRPMS

4.5 Source Packages

1e8f25979fdc99dc6b3652927fa1a98a wwwoffle-2.6b-3MR.src.rpm


5. OpenLinux 3.1 Workstation

5.1 Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2002-048.0/RPMS

5.2 Packages

c75848533ab650ef06bb7910eca73946 wwwoffle-2.6b-3MR.i386.rpm

5.3 Installation

rpm -Fvh wwwoffle-2.6b-3MR.i386.rpm

5.4 Source Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2002-048.0/SRPMS

5.5 Source Packages

9b8e3cf1987bc4d08cf9782eea2e2c9e wwwoffle-2.6b-3MR.src.rpm


6. References

Specific references for this advisory:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0818

SCO security resources:
http://www.sco.com/support/security/index.html

This security fix closes SCO incidents sr867510, fz525781,
erg501645.


7. Disclaimer

SCO is not responsible for the misuse of any of the information
we provide on this website and/or through our security
advisories. Our advisories are a service to our customers intended
to promote secure installation and use of SCO products.


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »