Bugtraq mailing list archives

UnixWare 7.1.4 UnixWare 7.1.3 UnixWare 7.1.1 : x.org possible local socket hijacking


From: please_reply_to_security () sco com
Date: Wed, 26 Jan 2005 09:59:10 -0800





______________________________________________________________________________

                        SCO Security Advisory

Subject:                UnixWare 7.1.4 UnixWare 7.1.3 UnixWare 7.1.1 : x.org possible local socket hijacking
Advisory number:        SCOSA-2005.8
Issue date:             2005 January 26
Cross reference:        sr891412 fz530161 erg712694 CAN-2005-0134
______________________________________________________________________________


1. Problem Description

        The socket directories created in /tmp are now required to
        be owned by root and have their sticky bit set. If the
        ownership or permissions are not set properly, the component
        tries to set them properly. If it is unable to do so, it
        generates error/warning message(s), but the component does
        not fail (a.k.a. fail softly).

        The component attempts to set the owner and permissions of
        these directories correctly even when X servers are started
        by regular users, and generates an error message if it is
        unable to do so.

        The Common Vulnerabilities and Exposures project (cve.mitre.org) 
        has assigned the name CAN-2005-0134 to this issue.
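        The check described above, written out as an added C example that is
        not SCO's or X.Org's code: stat the socket directory, require root
        ownership and the sticky bit, try to repair it, and on failure warn
        without aborting. The function names, the status enum and the 01777
        target mode are assumptions; the advisory itself specifies only root
        ownership and the sticky bit.

```c
#define _GNU_SOURCE          /* for lstat(), chown(), mkdtemp() declarations */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Outcome of checking one socket directory under /tmp. */
typedef enum {
    SOCKDIR_OK = 0,  /* already root-owned with the sticky bit set */
    SOCKDIR_FIXED,   /* was wrong, repaired in place */
    SOCKDIR_WARNED,  /* wrong and not repairable: warn, but do not fail */
    SOCKDIR_MISSING  /* cannot be stat()ed */
} sockdir_status;
/* Assumed target mode (the advisory names only root ownership and the sticky
 * bit): sticky plus world-writable, so every user's X server can still create its socket. */
#define SOCKDIR_MODE (S_ISVTX | S_IRWXU | S_IRWXG | S_IRWXO)

/* Pure policy check on already-fetched metadata. */
int sockdir_is_secure(uid_t uid, mode_t mode)
{
    return S_ISDIR(mode) && uid == 0 && (mode & S_ISVTX) != 0;
}
/* Check and, where possible, repair one socket directory. Implements the
 * advisory's "fail softly" rule: an unrepairable directory yields a warning
 * and SOCKDIR_WARNED, never a fatal error. */
sockdir_status sockdir_check(const char *path)
{
    struct stat st;
    int repaired = 1;
    if (lstat(path, &st) != 0) {        /* lstat(): do not follow a planted symlink */
        fprintf(stderr, "warning: %s: %s\n", path, strerror(errno));
        return SOCKDIR_MISSING;
    }
    if (!S_ISDIR(st.st_mode)) {
        fprintf(stderr, "warning: %s is not a directory\n", path);
        return SOCKDIR_WARNED;
    }
    if (sockdir_is_secure(st.st_uid, st.st_mode))
        return SOCKDIR_OK;
    if (st.st_uid != 0 && chown(path, 0, st.st_gid) != 0) {
        fprintf(stderr, "warning: cannot chown %s to root: %s\n", path, strerror(errno));
        repaired = 0;
    }
    if (!(st.st_mode & S_ISVTX) && chmod(path, SOCKDIR_MODE) != 0) {
        fprintf(stderr, "warning: cannot set sticky bit on %s: %s\n", path, strerror(errno));
        repaired = 0;
    }
    return repaired ? SOCKDIR_FIXED : SOCKDIR_WARNED;
}
```

        Run as a regular user, the repair of a user-owned directory fails at
        chown() and the function returns SOCKDIR_WARNED; run as root it returns
        SOCKDIR_FIXED.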


2. Vulnerable Supported Versions

        System                          Binaries
        ----------------------------------------------------------------------
        UnixWare 7.1.4                  /usr/X/bin/Xnest
                                        /usr/X/bin/Xsco
                                        /usr/X/bin/Xvfb
                                        /usr/X/bin/xfs
                                        /usr/X/lib/libICE.a
                                        /usr/X/lib/libICE.so.6.0
                                        /usr/src/ihvkit/display/Xserver/lib/libos.a
                                        /usr/src/ihvkit/display/usrlib/libfont.a

        UnixWare 7.1.3                  /usr/X/bin/Xnest
                                        /usr/X/bin/Xsco
                                        /usr/X/bin/Xvfb
                                        /usr/X/bin/xfs
                                        /usr/X/lib/libICE.a
                                        /usr/X/lib/libICE.so.6.0
                                        /usr/src/ihvkit/display/Xserver/lib/libos.a
                                        /usr/src/ihvkit/display/usrlib/libfont.a

        UnixWare 7.1.1                  /usr/X/bin/Xnest
                                        /usr/X/bin/Xsco
                                        /usr/X/bin/Xvfb
                                        /usr/X/bin/xfs
                                        /usr/X/lib/libICE.a
                                        /usr/X/lib/libICE.so.6.0
                                        /usr/src/ihvkit/display/Xserver/lib/libos.a
                                        /usr/src/ihvkit/display/usrlib/libfont.a


3. Solution

        The proper solution is to install the latest packages.


4. UnixWare 7.1.4

        4.1 Location of Fixed Binaries

        ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.8

        4.2 Verification

        MD5 (erg712694.pkg.Z) = f216b86a37d02bc0630a849863023637

        md5 is available for download from
                ftp://ftp.sco.com/pub/security/tools

        4.3 Installing Fixed Binaries

        Upgrade the affected binaries with the following sequence:

        Download erg712694.pkg.Z to the /var/spool/pkg directory

        # uncompress /var/spool/pkg/erg712694.pkg.Z
        # pkgadd -d /var/spool/pkg/erg712694.pkg


5. UnixWare 7.1.3

        5.1 Location of Fixed Binaries

        ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.8

        5.2 Verification

        MD5 (erg712694.713.pkg.Z) = cdd347f43fb4cbcec2ef693d88ec104b

        md5 is available for download from
                ftp://ftp.sco.com/pub/security/tools

        5.3 Installing Fixed Binaries

        Upgrade the affected binaries with the following sequence:

        Download erg712694.713.pkg.Z to the /var/spool/pkg directory

        # uncompress /var/spool/pkg/erg712694.713.pkg.Z
        # pkgadd -d /var/spool/pkg/erg712694.713.pkg


6. UnixWare 7.1.1

        6.1 Location of Fixed Binaries

        ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.8


        6.2 Verification

        MD5 (erg712694.711.pkg.Z) = 8c59f293edd8520ed1fefc0abe465592

        md5 is available for download from
                ftp://ftp.sco.com/pub/security/tools


        6.3 Installing Fixed Binaries

        Upgrade the affected binaries with the following sequence:

        Download erg712694.711.pkg.Z to the /var/spool/pkg directory

        # uncompress /var/spool/pkg/erg712694.711.pkg.Z
        # pkgadd -d /var/spool/pkg/erg712694.711.pkg


7. References

        Specific references for this advisory:
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0134 
                http://x.org/X11R6.8.1/RELNOTES.txt

        SCO security resources:
                http://www.sco.com/support/security/index.html

        SCO security advisories via email:
                http://www.sco.com/support/forums/security.html

        This security fix closes SCO incidents sr891412, fz530161
        and erg712694.


8. Disclaimer

        SCO is not responsible for the misuse of any of the information
        we provide on this website and/or through our security
        advisories. Our advisories are a service to our customers
        intended to promote secure installation and use of SCO
        products.


9. Acknowledgments

        SCO would like to thank Jim Gettys and The Open X.org
        foundation.

______________________________________________________________________________


