OpenServer 5.0.7 : The docview package allows anonymous remote users to view any publicly readable files on a OpenServer system.

[security () sco com]

To: bugtraq () securityfocus com announce () lists caldera com full-disclosure () lists netsys com 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

__________________________________________________________

                SCO Security Advisory

Subject:        OpenServer 5.0.7 : The docview package allows anonymous remote users to view any publicly readable 
files on a OpenServer system.
Advisory number:        CSSA-2003-SCO.16
Issue date:             2003 August 25
Cross reference:
__________________________________________________________


1. Problem Description

        Docview provides the OpenServer Administration Guide,
        available in browser HTML format. 

        Due to a misconfiguration of the apache server, anonymous 
        remote users are able to craft a URL in such a way as to 
        view any publicly readable file.

        The Common Vulnerabilities and Exposures (CVE) project has
        assigned the name CAN-2003-0658 to this issue. This is a candidate 
        for inclusion in the CVE list (http://cve.mitre.org), which


2. Vulnerable Supported Versions

        System                  Binaries
        ----------------------------------------------------------------
        OpenServer 5.0.7 /usr/lib/docview/conf/templates/rewrite.conf.in


        3. Solution

        The proper solution is to install the latest packages.


        4. OpenServer 5.0.7

          4.1 Location of Fixed Binaries

            ftp://ftp.caldera.com/pub/updates/OpenServer/CSSA-2003-SCO.16/


          4.2 Verification

            MD5 (VOL.000.000) = d3d538206b2362949813dc93713d5c93

            md5 is available for download from
              ftp://ftp.sco.com/pub/security/tools


          4.3 Installing Fixed Binaries

            Upgrade the affected binaries with the following sequence:

              1) Download the VOL* files to the /tmp directory
              2) Run the custom command, specify an install from
                 media images, and specify the /tmp directory as the
                 location of the images.


        6. References

          Specific references for this advisory:
            http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0658

          SCO security resources:

            http://www.sco.com/support/security/index.html 

          This security fix closes SCO incidents
            sr882453 fz528125 erg712368.


        7. Disclaimer 

        SCO is not responsible for the misuse of any of
        the information we provide on this website and/or through our
        security advisories. Our advisories are a service to our
        customers intended to promote secure installation and use of
        SCO products. 
           
           
        8. Acknowledgements 

        SCO would like to thank Milos Krmesky for discovery of this
        vulnerability. 

_________________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2-rc1-SuSE (GNU/Linux)

iD8DBQE/SmdRaqoBO7ipriERAsXoAJ44l661hJJG62NwmSOMlY0hQVEITQCfdT9H
SLYZL90eZqx6fjQxHm/acys=
=lGV7
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html