Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » CSSA-2002-SCO.38-X server insecure popen and buffer overflow

CSSA-2002-SCO.38-X server insecure popen and buffer overflow

by Nikola Strahija on August 27th, 2002 The X server did not drop privilege before invoking xkbcomp or other external commands. In addition, there was a buffer overflow in the same area of the code.


2. Vulnerable Supported Versions

System Binaries
----------------------------------------------------------------------
Open UNIX 8.0.0 /usr/X/bin/Xsco
UnixWare 7.1.1 /usr/X/bin/Xsco


3. Solution

The proper solution is to install the latest packages.


4. Open UNIX 8.0.0

4.1 Location of Fixed Binaries

ftp://ftp.sco.com/pub/updates/OpenUNIX/CSSA-2002-SCO.38


4.2 Verification

MD5 (erg711819b.pkg.Z) = 8c06d16b46b7895c545bcdb7c23475d0

md5 is available for download from
ftp://ftp.sco.com/pub/security/tools


4.3 Installing Fixed Binaries

Upgrade the affected binaries with the following commands:

Download erg711819b.pkg.Z to the /var/spool/pkg directory

# uncompress /var/spool/pkg/erg711819b.pkg.Z
# pkgadd -d /var/spool/pkg/erg711819b.pkg


5. UnixWare 7.1.1

5.1 Location of Fixed Binaries

ftp://ftp.sco.com/pub/updates/OpenUNIX/CSSA-2002-SCO.38


5.2 Verification

MD5 (erg711819b.pkg.Z) = 8c06d16b46b7895c545bcdb7c23475d0

md5 is available for download from
ftp://ftp.sco.com/pub/security/tools


5.3 Installing Fixed Binaries

Upgrade the affected binaries with the following commands:

Download erg711819b.pkg.Z to the /var/spool/pkg directory

# uncompress /var/spool/pkg/erg711819b.pkg.Z
# pkgadd -d /var/spool/pkg/erg711819b.pkg


6. References

Specific references for this advisory:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0987
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0988
http://marc.theaimsgroup.com/?l=bugtraq&m=88653528226228&w=2

SCO security resources:
http://www.sco.com/support/security/index.html

This security fix closes SCO incidents sr850806, fz518676,
erg711819.


7. Disclaimer

SCO is not responsible for the misuse of any of the information
we provide on this website and/or through our security
advisories. Our advisories are a service to our customers
intended to promote secure installation and use of SCO
products.


8. Acknowledgements

This vulnerability was discovered and researched by Olaf
Kirch ([email protected]).

______________________________________________________________________


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »