Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » SCO CSSA-2003-011.0: format string in zlib

SCO CSSA-2003-011.0: format string in zlib

by Nikola Strahija on March 12th, 2003 There is a buffer overflow in the gzprintf function in zlib that can enable attackers to cause a denial of service or possibly execute arbitrary code.


Subject: Linux: format string vulnerability in zlib (gzprintf)
Advisory number: CSSA-2003-011.0
Issue date: 2003 March 10
Cross reference:
______________________________________________________________________________


1. Problem Description

There is a buffer overflow in the gzprintf function in zlib that
can enable attackers to cause a denial of service or possibly
execute arbitrary code.


2. Vulnerable Supported Versions

System Package
----------------------------------------------------------------------

OpenLinux 3.1.1 Server prior to libz-1.1.4-2.i386.rpm
prior to libz-devel-1.1.4-2.i386.rpm
prior to libz-devel-static-1.1.4-2.i386.rpm

OpenLinux 3.1.1 Workstation prior to libz-1.1.4-2.i386.rpm
prior to libz-devel-1.1.4-2.i386.rpm
prior to libz-devel-static-1.1.4-2.i386.rpm

OpenLinux 3.1 Server prior to libz-1.1.4-2.i386.rpm
prior to libz-devel-1.1.4-2.i386.rpm
prior to libz-devel-static-1.1.4-2.i386.rpm

OpenLinux 3.1 Workstation prior to libz-1.1.4-2.i386.rpm
prior to libz-devel-1.1.4-2.i386.rpm
prior to libz-devel-static-1.1.4-2.i386.rpm


3. Solution

The proper solution is to install the latest packages. Many
customers find it easier to use the Caldera System Updater, called
cupdate (or kcupdate under the KDE environment), to update these
packages rather than downloading and installing them by hand.


4. OpenLinux 3.1.1 Server

4.1 Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-011.0/RPMS

4.2 Packages

54e3d653907b2aa8111939d208b1f48b libz-1.1.4-2.i386.rpm
7b6103ac070899d33ddc18ec0152c8ad libz-devel-1.1.4-2.i386.rpm
bf687e8997a2c7413f183cf0398a797c libz-devel-static-1.1.4-2.i386.rpm

4.3 Installation

rpm -Fvh libz-1.1.4-2.i386.rpm
rpm -Fvh libz-devel-1.1.4-2.i386.rpm
rpm -Fvh libz-devel-static-1.1.4-2.i386.rpm

4.4 Source Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-011.0/SRPMS

4.5 Source Packages

cb073eedd69f6503fdaaf7a12ed37c10 libz-1.1.4-2.src.rpm


5. OpenLinux 3.1.1 Workstation

5.1 Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2003-011.0/RPMS

5.2 Packages

80a08ebf1d968f880b8bfeb9a91d9288 libz-1.1.4-2.i386.rpm
de1a572406aae392822c6b8fd9667c05 libz-devel-1.1.4-2.i386.rpm
80f2a2de435d10d2acd957cc07790cf9 libz-devel-static-1.1.4-2.i386.rpm

5.3 Installation

rpm -Fvh libz-1.1.4-2.i386.rpm
rpm -Fvh libz-devel-1.1.4-2.i386.rpm
rpm -Fvh libz-devel-static-1.1.4-2.i386.rpm

5.4 Source Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2003-011.0/SRPMS

5.5 Source Packages

dd564551f59c8675aec4cab15e6108dc libz-1.1.4-2.src.rpm


6. OpenLinux 3.1 Server

6.1 Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2003-011.0/RPMS

6.2 Packages

5cc16bd91015ce00f468e747a5fc8772 libz-1.1.4-2.i386.rpm
1d321ea1297616096fb5e1a3b72ec828 libz-devel-1.1.4-2.i386.rpm
021368dbf124ba856d46fb85f072b010 libz-devel-static-1.1.4-2.i386.rpm

6.3 Installation

rpm -Fvh libz-1.1.4-2.i386.rpm
rpm -Fvh libz-devel-1.1.4-2.i386.rpm
rpm -Fvh libz-devel-static-1.1.4-2.i386.rpm

6.4 Source Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2003-011.0/SRPMS

6.5 Source Packages

9707abacf6336b2d5cb62529a0021d97 libz-1.1.4-2.src.rpm


7. OpenLinux 3.1 Workstation

7.1 Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2003-011.0/RPMS

7.2 Packages

303370a239df4fdff20a93ec885ef342 libz-1.1.4-2.i386.rpm
ff34cf793e2c8c70627ecd29c271dcca libz-devel-1.1.4-2.i386.rpm
eaef0a84c34dd17b2af72f9e235803da libz-devel-static-1.1.4-2.i386.rpm

7.3 Installation

rpm -Fvh libz-1.1.4-2.i386.rpm
rpm -Fvh libz-devel-1.1.4-2.i386.rpm
rpm -Fvh libz-devel-static-1.1.4-2.i386.rpm

7.4 Source Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2003-011.0/SRPMS

7.5 Source Packages

c0c9de8ce6e7d254a640b2a84e5d806d libz-1.1.4-2.src.rpm


8. References

Specific references for this advisory:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0107

SCO security resources:

http://www.sco.com/support/security/index.html

This security fix closes SCO incidents sr875410, fz527488,
erg712251.


9. Disclaimer

SCO is not responsible for the misuse of any of the information
we provide on this website and/or through our security
advisories. Our advisories are a service to our customers intended
to promote secure installation and use of SCO products.


10. Acknowledgements

Richard Kettlewell discovered and researched this vulnerability.


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »