From security@sco.com Wed Dec 14 18:53:30 2005 From: security@sco.com To: security-announce@list.sco.com Date: Wed, 14 Dec 2005 18:48:38 -0500 (EST) Subject: [Full-disclosure] SCOSA-2005.56 UnixWare 7.1.3 UnixWare 7.1.4 : LibXpm Integer Overflow Vulnerability -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ______________________________________________________________________________ SCO Security Advisory Subject: UnixWare 7.1.3 UnixWare 7.1.4 : Xloadimage NIFF Image Title Handling Buffer Overflow Vulnerability Advisory number: SCOSA-2005.56 Issue date: 2005 December 14 Cross reference: fz533253 CVE-2005-3178 ______________________________________________________________________________ 1. Problem Description A buffer overflow in xloadimage, might allow user-complicit attackers to execute arbitrary code via a long title name in a NIFF file, which triggers the overflow during (1) zoom, (2) reduce, or (3) rotate operations. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-3178 to this issue. 2. Vulnerable Supported Versions System Binaries ---------------------------------------------------------------------- UnixWare 7.1.3 /usr/X/bin/xloadimage UnixWare 7.1.4 /usr/X/bin/xloadimage 3. Solution The proper solution is to install the latest packages. 4. UnixWare 7.1.3 and UnixWare 7.1.4 4.1 Location of Fixed Binaries ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.56 4.2 Verification MD5 (p533253.image) = 43902213db833db30b33ca9b84b08394 md5 is available for download from ftp://ftp.sco.com/pub/security/tools 4.3 Installing Fixed Binaries Upgrade the affected binaries with the following sequence: Download p533253.image to the /var/spool/pkg directory. # pkgadd -d /var/spool/pkg/p533253.image 5. References Specific references for this advisory: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3178 http://secunia.com/advisories/17087 http://securitytracker.com/id?1015072 http://www.securityfocus.com/bid/15051 SCO security resources: http://www.sco.com/support/security/index.html SCO security advisories via email http://www.sco.com/support/forums/security.html This security fix closes SCO incidents fz533253. 6. Disclaimer SCO is not responsible for the misuse of any of the information we provide on this website and/or through our security advisories. Our advisories are a service to our customers intended to promote secure installation and use of SCO products. 7. Acknowledgments SCO would like to thank Ariel Berkman for reporting this vulnerability. ______________________________________________________________________________ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (UnixWare) iD8DBQFDoD5baqoBO7ipriERAs+GAKCaV7V6sPMd+SU8wyueTl+6fCRKzQCfaW/X 3m5pTykcV+CTGRlc2czFagM= =k+bm -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/