Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Bugtraq
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Full-Disclosure] UnixWare 7.1.4 UnixWare 7.1.3 UnixWare 7.1.1 : x.org p

from [please_reply_to_security] Network Security [Permanent Link]
Subject: [Full-Disclosure] UnixWare 7.1.4 UnixWare 7.1.3 UnixWare 7.1.1 : x.org possible local socket hijacking
Date: Wed, 26 Jan 2005 09:59:10 -0800 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



______________________________________________________________________________

                        SCO Security Advisory

Subject:                UnixWare 7.1.4 UnixWare 7.1.3 UnixWare 7.1.1 : x.org 
possible local socket hijacking
Advisory number:        SCOSA-2005.8
Issue date:             2005 January 26
Cross reference:        sr891412 fz530161 erg712694 CAN-2005-0134
______________________________________________________________________________


1. Problem Description

        The socket directories created in /tmp are now required to
        be owned by root and have their sticky-bit set. If the
        permission is not set properly, the component will try to
        set it properly. If it is unable to do that, it will generate 
        error/warning message(s), but the component will not fail.
        (a.k.a. fail softly)

        The owner and permissions of these directories are tried 
        to be set correctly even if X servers are started by regular 
        users; it generates error message if it fails in doing so. 

        The Common Vulnerabilities and Exposures project (cve.mitre.org) 
        has assigned the name CAN-2005-0134 to this issue.


2. Vulnerable Supported Versions

        System                          Binaries
        ----------------------------------------------------------------------
        UnixWare 7.1.4                  /usr/X/bin/Xnest
                                        /usr/X/bin/Xsco
                                        /usr/X/bin/Xvfb
                                        /usr/X/bin/xfs
                                        /usr/X/lib/libICE.a
                                        /usr/X/lib/libICE.so.6.0
                                        
/usr/src/ihvkit/display/Xserver/lib/libos.a
                                        /usr/src/ihvkit/display/usrlib/libfont.a

        UnixWare 7.1.3                  /usr/X/bin/Xnest
                                        /usr/X/bin/Xsco
                                        /usr/X/bin/Xvfb
                                        /usr/X/bin/xfs
                                        /usr/X/lib/libICE.a
                                        /usr/X/lib/libICE.so.6.0
                                        
/usr/src/ihvkit/display/Xserver/lib/libos.a
                                        /usr/src/ihvkit/display/usrlib/libfont.a

        UnixWare 7.1.1                  /usr/X/bin/Xnest
                                        /usr/X/bin/Xsco
                                        /usr/X/bin/Xvfb
                                        /usr/X/bin/xfs
                                        /usr/X/lib/libICE.a
                                        /usr/X/lib/libICE.so.6.0
                                        
/usr/src/ihvkit/display/Xserver/lib/libos.a
                                        /usr/src/ihvkit/display/usrlib/libfont.a


3. Solution

        The proper solution is to install the latest packages.


4. UnixWare 7.1.4

        4.1 Location of Fixed Binaries

        ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.8

        4.2 Verification

        MD5 (erg712694.pkg.Z) = f216b86a37d02bc0630a849863023637

        md5 is available for download from
                ftp://ftp.sco.com/pub/security/tools

        4.3 Installing Fixed Binaries

        Upgrade the affected binaries with the following sequence:

        Download erg712694.pkg.Z to the /var/spool/pkg directory

        # uncompress /var/spool/pkg/erg712694.pkg.Z
        # pkgadd -d /var/spool/pkg/erg712694.pkg


5. UnixWare 7.1.3

        5.1 Location of Fixed Binaries

        ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.8

        5.2 Verification

        MD5 (erg712694.713.pkg.Z) = cdd347f43fb4cbcec2ef693d88ec104b

        md5 is available for download from
                ftp://ftp.sco.com/pub/security/tools

        5.3 Installing Fixed Binaries

        Upgrade the affected binaries with the following sequence:

        Download erg712694.713.pkg.Z to the /var/spool/pkg directory

        # uncompress /var/spool/pkg/erg712694.713.pkg.Z
        # pkgadd -d /var/spool/pkg/erg712694.713.pkg


6. UnixWare 7.1.1

        6.1 Location of Fixed Binaries

        ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.8


        6.2 Verification

        MD5 (erg712694.711.pkg.Z) = 8c59f293edd8520ed1fefc0abe465592

        md5 is available for download from
                ftp://ftp.sco.com/pub/security/tools


        6.3 Installing Fixed Binaries

        Upgrade the affected binaries with the following sequence:

        Download erg712694.711.pkg.Z to the /var/spool/pkg directory

        # uncompress /var/spool/pkg/erg712694.711.pkg.Z
        # pkgadd -d /var/spool/pkg/erg712694.711.pkg


7. References

        Specific references for this advisory:
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0134 
                http://x.org/X11R6.8.1/RELNOTES.txt

        SCO security resources:
                http://www.sco.com/support/security/index.html

        SCO security advisories via email
                http://www.sco.com/support/forums/security.html

        This security fix closes SCO incidents sr891412 fz530161
        erg712694.


8. Disclaimer

        SCO is not responsible for the misuse of any of the information
        we provide on this website and/or through our security
        advisories. Our advisories are a service to our customers
        intended to promote secure installation and use of SCO
        products.


9. Acknowledgments

        SCO would like to thank Jim Gettys and The Open X.org
        foundation

______________________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (SCO/UNIX_SVR5)

iD8DBQFB98mXaqoBO7ipriERArMgAJ9l6hevRUmeSfRYAeKyPjBRGZMboACdHaN8
t5ODtKnXSh7A5Zd+TLdGUag=
=6LRp
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [Full-Disclosure] UnixWare 7.1.4 UnixWare 7.1.3 UnixWare 7.1.1 : x.org possible local socket hijacking, please_reply_to_security <=
Previous by Date:  wifi AP + broadcoast ping, Miroslav Kubik
Next by Date:  [VulnWatch] iDEFENSE Security Advisory 01.26.05: Openswan XAUTH/PAM Buffer Overflow Vulnerability, iDefense Customer Service
Previous by Thread:  wifi AP + broadcoast ping, Miroslav Kubik
Next by Thread:  [VulnWatch] iDEFENSE Security Advisory 01.26.05: Openswan XAUTH/PAM Buffer Overflow Vulnerability, iDefense Customer Service
Indexes:  [Date] [Thread] [Top] [All Lists]