OpenLinux: screen buffer overflow

[please_reply_to_security () sco com]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


______________________________________________________________________________

                        SCO Security Advisory

Subject:                OpenLinux: screen buffer overflow
Advisory number:        CSSA-2004-011.0
Issue date:             2004 March 02
Cross reference:        sr888392 fz528595 erg712512 CAN-2003-0972
______________________________________________________________________________


1. Problem Description

        Integer signedness error in ansi.c for GNU screen 4.0.1 and 
        earlier, and 3.9.15 and earlier, could allows local users to 
        execute arbitrary code via a large number of characters in 
        escape sequences, which leads to a buffer overflow.

        The Common Vulnerabilities and Exposures project (cve.mitre.org) 
        has assigned the name CAN-2003-0972 to this issue.


2. Vulnerable Supported Versions

        System                          Package
        ----------------------------------------------------------------------
        OpenLinux 3.1.1 Server          prior to screen-3.9.10-2.i386.rpm
        OpenLinux 3.1.1 Workstation     prior to screen-3.9.10-2.i386.rpm


3. Solution

        The proper solution is to install the latest packages. Many
        customers find it easier to use the Caldera System Updater, called
        cupdate (or kcupdate under the KDE environment), to update these
        packages rather than downloading and installing them by hand.


4. OpenLinux 3.1.1 Server

        4.1 Package Location

        ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2004-011.0/RPMS

        4.2 Packages

        95d5288f69a948437aa5e078216db7b2        screen-3.9.10-2.i386.rpm

        4.3 Installation

        rpm -Fvh screen-3.9.10-2.i386.rpm

        4.4 Source Package Location

        ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2004-011.0/SRPMS

        4.5 Source Packages

        4e2ec4db363fdc65d8e46fe3e645d949        screen-3.9.10-2.src.rpm


5. OpenLinux 3.1.1 Workstation

        5.1 Package Location

        ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2004-011.0/RPMS

        5.2 Packages

        7edc6ee34b38dd0b20b4cacdf0899898        screen-3.9.10-2.i386.rpm

        5.3 Installation

        rpm -Fvh screen-3.9.10-2.i386.rpm

        5.4 Source Package Location

        ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2004-011.0/SRPMS

        5.5 Source Packages

        bfe39326a2fffc971856890eea5a1758        screen-3.9.10-2.src.rpm


6. References

        Specific references for this advisory:
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0972
                http://marc.theaimsgroup.com/?l=bugtraq&m=106995837813873&w=2
                http://groups.yahoo.com/group/gnu-screen/message/3118
                http://www.securitytracker.com/alerts/2003/Nov/1008321.html

        SCO security resources:
                http://www.sco.com/support/security/index.html

        This security fix closes SCO incidents sr888392 fz528595
        erg712512.


7. Disclaimer

        SCO is not responsible for the misuse of any of the information
        we provide on this website and/or through our security
        advisories. Our advisories are a service to our customers intended
        to promote secure installation and use of SCO products.


8. Acknowledgements

        SCO would like to thank Timo Sirainen

______________________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (SCO/UNIX_SVR5)

iD8DBQFARVkGbluZssSXDTERAon5AJ9oQxSMsjmJAtdc+f2c3MLXQZQLLQCfbwXh
G117t90/rMatYuDWGtDpqcs=
=Uqh3
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html