From please_reply_to_security@sco.com Wed Mar 3 23:38:33 2004 From: please_reply_to_security@sco.com To: announce@lists.caldera.com, bugtraq@securityfocus.com, full-disclosure@lists.netsys.com, security-alerts@linuxsecurity.com Date: Mon, 1 Mar 2004 18:38:52 -0800 (PST) Subject: [Full-Disclosure] OpenLinux: Integer overflow may allow local users to cause a denial of service or possibly execute arbitrary code -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ______________________________________________________________________________ SCO Security Advisory Subject: OpenLinux: Integer overflow may allow local users to cause a denial of service or possibly execute arbitrary code Advisory number: CSSA-2004-006.0 Issue date: 2004 March 01 Cross reference: sr886799 fz528469 erg712481 CAN-2003-0854 CAN-2003-0853 ______________________________________________________________________________ 1. Problem Description The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to these issues: CAN-2003-0854 ls in the fileutils or coreutils packages allows local users to consume a large amount of memory via a large -w value, which can be remotely exploited via applications that use ls, such as wu-ftpd. CAN-2003-0853 An integer overflow in ls in the fileutils or coreutils packages may allow local users to cause a denial of service or execute arbitrary code via a large -w value, which could be remotely exploited via applications that use ls, such as wu-ftpd. 2. Vulnerable Supported Versions System Package ---------------------------------------------------------------------- OpenLinux 3.1.1 Server prior to fileutils-4.1-6.i386.rpm OpenLinux 3.1.1 Workstation prior to fileutils-4.1-6.i386.rpm 3. Solution The proper solution is to install the latest packages. Many customers find it easier to use the Caldera System Updater, called cupdate (or kcupdate under the KDE environment), to update these packages rather than downloading and installing them by hand. 4. OpenLinux 3.1.1 Server 4.1 Package Location ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2004-006.0/RPMS 4.2 Packages ac55e0177cfef608523de3aafbe245a3 fileutils-4.1-6.i386.rpm 4.3 Installation rpm -Fvh fileutils-4.1-6.i386.rpm 4.4 Source Package Location ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2004-006.0/SRPMS 4.5 Source Packages e558c5ef3465c06fad85ec4c880a5d04 fileutils-4.1-6.src.rpm 5. OpenLinux 3.1.1 Workstation 5.1 Package Location ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2004-006.0/RPMS 5.2 Packages 7cc40a37a1326b93a1da82737dc37483 fileutils-4.1-6.i386.rpm 5.3 Installation rpm -Fvh fileutils-4.1-6.i386.rpm 5.4 Source Package Location ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2004-006.0/SRPMS 5.5 Source Packages d04bac53f3bf74e53d96061e201f36b0 fileutils-4.1-6.src.rpm 6. References Specific references for this advisory: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0854 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0853 http://lists.netsys.com/pipermail/full-disclosure/2003-October/012548.html http://www.guninski.com/binls.html SCO security resources: http://www.sco.com/support/security/index.html This security fix closes SCO incidents sr886799 fz528469 erg712481. 7. Disclaimer SCO is not responsible for the misuse of any of the information we provide on this website and/or through our security advisories. Our advisories are a service to our customers intended to promote secure installation and use of SCO products. 8. Acknowledgements SCO would like to thank Georgi Guninski ______________________________________________________________________________ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (SCO/UNIX_SVR5) iD8DBQFAQ+7VbluZssSXDTERAqOHAKCRadNVYuIr3Vd1Er0Gg/IYmfMtEQCgr/r4 1jpuK7rG81dBvWb7bm5lEAI= =0S/W -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html