Bugtraq mailing list archives
UnixWare 7.1.4 UnixWare 7.1.3 : cpio race condition and directory traversal issues fixed.
From: please_reply_to_security () sco com
Date: Thu, 18 Aug 2005 13:07:48 -0700
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
SCO Security Advisory
Subject: UnixWare 7.1.4 UnixWare 7.1.3 : cpio race condition and directory traversal issues fixed.
Advisory number: SCOSA-2005.32
Issue date: 2005 August 18
Cross reference: sr893934 fz532333 erg712854 CAN-2005-1111 CAN-2005-1229
______________________________________________________________________________
1. Problem Description
A race condition in cpio 2.6 and earlier allows local users
to modify permissions of arbitrary files via a hard link
attack on a file while it is being decompressed, whose
permissions are changed by cpio after the decompression
is complete.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CAN-2005-1111 to this issue
A directory traversal vulnerability in cpio 2.6 and earlier
allows remote attackers to write to arbitrary directories
via a .. (dot dot) in a cpio file.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2005-1229 to this issue
2. Vulnerable Supported Versions
System Binaries
----------------------------------------------------------------------
UnixWare 7.1.4 /bin/cpio
UnixWare 7.1.3 /bin/cpio
3. Solution
The proper solution is to install the latest packages.
4. UnixWare 7.1.4
4.1 Location of Fixed Binaries
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.32
4.2 Verification
MD5 (erg712854.uw714.pkg.Z) = a12807ae0a69d88a3b4f0ed7a014f3ef
md5 is available for download from
ftp://ftp.sco.com/pub/security/tools
4.3 Installing Fixed Binaries
Upgrade the affected binaries with the following sequence:
Download erg712854.uw714.pkg.Z to the /var/spool/pkg directory
# uncompress /var/spool/pkg/erg712854.uw714.pkg.Z
# pkgadd -d /var/spool/pkg/erg712854.uw714.pkg
5. UnixWare 7.1.3
5.1 Location of Fixed Binaries
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.32
5.2 Verification
MD5 (erg712854.uw713.pkg.Z) = 0b514e72f094c21d8c49b359d05e8e7e
md5 is available for download from
ftp://ftp.sco.com/pub/security/tools
5.3 Installing Fixed Binaries
Upgrade the affected binaries with the following sequence:
Download erg712854.uw713.pkg.Z to the /var/spool/pkg directory
# uncompress /var/spool/pkg/erg712854.uw713.pkg.Z
# pkgadd -d /var/spool/pkg/erg712854.uw713.pkg
6. References
Specific references for this advisory:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1111
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1229
http://xforce.iss.net/xforce/xfdb/20204
SCO security resources:
http://www.sco.com/support/security/index.html
SCO security advisories via email
http://www.sco.com/support/forums/security.html
This security fix closes SCO incidents sr893934 fz532333
erg712854.
7. Disclaimer
SCO is not responsible for the misuse of any of the information
we provide on this website and/or through our security
advisories. Our advisories are a service to our customers
intended to promote secure installation and use of SCO
products.
______________________________________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (SCO/SYSV)
iD8DBQFDBOeMaqoBO7ipriERAuRJAJ0cYodhPtdCH7kyiaeMrdtCJTNMdACfVd/E
QoE27v9zH1rVoPsC+4yIx6A=
=QNAv
-----END PGP SIGNATURE-----
Current thread:
- UnixWare 7.1.4 UnixWare 7.1.3 : cpio race condition and directory traversal issues fixed. please_reply_to_security (Aug 18)