
Subject: [Full-Disclosure] UnixWare 7.1.3 Open UNIX 8.0.0 UnixWare 7.1.1 : perl unsafe Safe compartment
Date: Wed, 31 Mar 2004 15:45:11 -0800 (PST)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


______________________________________________________________________________

                        SCO Security Advisory

Subject:                UnixWare 7.1.3 Open UNIX 8.0.0 UnixWare 7.1.1 : perl unsafe Safe compartment
Advisory number:        SCOSA-2004.1
Issue date:             2004 March 29
Cross reference:        sr887197 fz528449 erg712495 CAN-2002-1323
______________________________________________________________________________


1. Problem Description

        Safe.pm 2.0.7 and earlier, when used in Perl 5.8.0 and
        earlier, may allow attackers to break out of safe compartments
        in (1) Safe::reval or (2) Safe::rdo using a redefined @_
        variable, which is not reset between successive calls. 
        
        The Common Vulnerabilities and Exposures project (cve.mitre.org)
        has assigned the name CAN-2002-1323 to this issue.


2. Vulnerable Supported Versions

        System                          Binaries
        ----------------------------------------------------------------------
        UnixWare 7.1.3          /usr/gnu/lib/perl5/i386-svr4/5.00404/Safe.pm    
        Open UNIX 8.0.0         /usr/gnu/lib/perl5/i386-svr4/5.00404/Safe.pm
        UnixWare 7.1.1          /usr/gnu/lib/perl5/i386-svr4/5.00404/Safe.pm

3. Solution

        The proper solution is to install the latest packages.


4. UnixWare 7.1.3 
   Open UNIX 8.0.0
   UnixWare 7.1.2

        4.1 Location of Fixed Binaries

        ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2004.1


        4.2 Verification

        MD5 (erg712495.Z) = a58a6ad7b7ea39ee48abc8bc3cc0d4fe

        md5 is available for download from
                ftp://ftp.sco.com/pub/security/tools


        4.3 Installing Fixed Binaries

        Upgrade the affected binaries with the following sequence:

        1. Download the erg712495.Z file to a directory on your machine.

        2. As root, uncompress the file and add the package to your system
        using these commands:

        # uncompress erg712495.Z
        # pkgadd -d erg712495

        3. There is no need to reboot the system after installing this package.


        If you have questions regarding this supplement, or the product on
        which it is installed, please contact your software supplier.

5. References

        Specific references for this advisory:
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1323

        SCO security resources:
                http://www.sco.com/support/security/index.html

        SCO security advisories via email:
                http://www.sco.com/support/forums/security.html

        This security fix closes SCO incidents sr887197 fz528449
        erg712495.


6. Disclaimer

        SCO is not responsible for the misuse of any of the information
        we provide on this website and/or through our security
        advisories. Our advisories are a service to our customers
        intended to promote secure installation and use of SCO
        products.


7. Acknowledgments

        SCO would like to thank Andreas Jurenda

        If you would like to receive SCO Security Advisories please visit:
        http://www.thescogroup.com/support/forums/announce.html

______________________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (SCO/UNIX_SVR5)

iD8DBQFAa1gDaqoBO7ipriERAmUSAJ4wj29qyF8tdLnaf73PAJy0uwmXGACfR4qY
V04ijiOTJg8nxlajD4dtwCw=
=1x3D
-----END PGP SIGNATURE-----

