Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » [CSSA-2003-SCO.3] UnixWare 7.1.1 Open UNIX 8.0.0 UnixWare 7.1.3 : ftp vulnerabil

[CSSA-2003-SCO.3] UnixWare 7.1.1 Open UNIX 8.0.0 UnixWare 7.1.3 : ftp vulnerabil

by Nikola Strahija on March 4th, 2003 By using a filename with a | (pipe symbol) in it, shell commands can be issued remotely on the machine of a user who is retrieving files with the FTP client program, from a compromised or malicious ftp server.


Subject: UnixWare 7.1.1 Open UNIX 8.0.0 UnixWare 7.1.3 : ftp vulnerability with pipe symbols in filenames
Advisory number: CSSA-2003-SCO.3
Issue date: 2003 March 03
Cross reference:
______________________________________________________________________________


1. Problem Description

By using a filename with a | (pipe symbol) in it, shell
commands can be issued remotely on the machine of a user
who is retrieving files with the FTP client program, from
a compromised or malicious ftp server. This leads to a
compromise of the client machine.


2. Vulnerable Supported Versions

System Binaries
----------------------------------------------------------------------
UnixWare 7.1.1 /usr/bin/ftp
Open UNIX 8.0.0 /usr/bin/ftp
UnixWare 7.1.3 /usr/bin/ftp


3. Solution

The proper solution is to install the latest packages.


4. UnixWare 7.1.1

4.1 Location of Fixed Binaries

ftp://ftp.sco.com/pub/updates/UnixWare/CSSA-2003-SCO.3


4.2 Verification

MD5 (erg712227.pkg.Z) = 296bbcf1394f7010397b8d90f9a9978d

md5 is available for download from
ftp://ftp.sco.com/pub/security/tools


4.3 Installing Fixed Binaries

Upgrade the affected binaries with the following sequence:

Download erg712227.pkg.Z to the /var/spool/pkg directory

# uncompress /var/spool/pkg/erg712227.pkg.Z
# pkgadd -d /var/spool/pkg/erg712227.pkg


5. Open UNIX 8.0.0

5.1 Location of Fixed Binaries

ftp://ftp.sco.com/pub/updates/UnixWare/CSSA-2003-SCO.3


5.2 Verification

MD5 (erg712227.pkg.Z) = 296bbcf1394f7010397b8d90f9a9978d

md5 is available for download from
ftp://ftp.sco.com/pub/security/tools


5.3 Installing Fixed Binaries

Upgrade the affected binaries with the following sequence:

Download erg712227.pkg.Z to the /var/spool/pkg directory

# uncompress /var/spool/pkg/erg712227.pkg.Z
# pkgadd -d /var/spool/pkg/erg712227.pkg


6. UnixWare 7.1.3

6.1 Location of Fixed Binaries

ftp://ftp.sco.com/pub/updates/UnixWare/CSSA-2003-SCO.3


6.2 Verification

MD5 (erg712227.pkg.Z) = 296bbcf1394f7010397b8d90f9a9978d

md5 is available for download from
ftp://ftp.sco.com/pub/security/tools


6.3 Installing Fixed Binaries

Upgrade the affected binaries with the following sequence:

Download erg712227.pkg.Z to the /var/spool/pkg directory

# uncompress /var/spool/pkg/erg712227.pkg.Z
# pkgadd -d /var/spool/pkg/erg712227.pkg


7. References

Specific references for this advisory:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0041

SCO security resources:

http://www.sco.com/support/security/index.html

This security fix closes SCO incidents sr874929, fz527425,
erg712227.


8. Disclaimer

SCO is not responsible for the misuse of any of the information
we provide on this website and/or through our security
advisories. Our advisories are a service to our customers
intended to promote secure installation and use of SCO
products.


9. Acknowledgements

This vulnerability was first published in 1997 on Bugtraq,
and was discovered again by The Hackademy Audit team in
September 2002 during a source code audit.


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »