[Full-Disclosure] Security Update: [CSSA-2002-053.0] Linux: gv execution of arbitrary shell commands

From: please_reply_to_security@caldera.com
Date: 11/23/02


From: please_reply_to_security@caldera.com (please_reply_to_security@caldera.com)
Date: Fri, 22 Nov 2002 16:52:38 -0800


--aT9PWwzfKXlsBJM1
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

To: bugtraq@securityfocus.com announce@lists.caldera.com security-alerts@linuxsecurity.com full-disclosure@lists.netsys.com

______________________________________________________________________________

                        SCO Security Advisory

Subject: Linux: gv execution of arbitrary shell commands
Advisory number: CSSA-2002-053.0
Issue date: 2002 November 22
Cross reference:
______________________________________________________________________________

1. Problem Description

        gv can be forced to execute arbitrary shell commands by using
        a buffer overflow.

2. Vulnerable Supported Versions

        System Package
        ----------------------------------------------------------------------

        OpenLinux 3.1.1 Server prior to gv-3.5.8-10.i386.rpm
                                        prior to gv-doc-html-3.5.8-10.i386.rpm

        OpenLinux 3.1.1 Workstation prior to gv-3.5.8-10.i386.rpm
                                        prior to gv-doc-html-3.5.8-10.i386.rpm

        OpenLinux 3.1 Server prior to gv-3.5.8-10.i386.rpm
                                        prior to gv-doc-html-3.5.8-10.i386.rpm

        OpenLinux 3.1 Workstation prior to gv-3.5.8-10.i386.rpm
                                        prior to gv-doc-html-3.5.8-10.i386.rpm

3. Solution

        The proper solution is to install the latest packages. Many
        customers find it easier to use the Caldera System Updater, called
        cupdate (or kcupdate under the KDE environment), to update these
        packages rather than downloading and installing them by hand.

4. OpenLinux 3.1.1 Server

        4.1 Package Location

        ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2002-053.0/RPMS

        4.2 Packages

        cb5eea88360c079d7d54177329e166c0 gv-3.5.8-10.i386.rpm
        cdb3756c1b6a091afaf39de0dabf4596 gv-doc-html-3.5.8-10.i386.rpm

        4.3 Installation

        rpm -Fvh gv-3.5.8-10.i386.rpm
        rpm -Fvh gv-doc-html-3.5.8-10.i386.rpm

        4.4 Source Package Location

        ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2002-053.0/SRPMS

        4.5 Source Packages

        77808a8c99f8d4633d391be68386b409 gv-3.5.8-10.src.rpm

5. OpenLinux 3.1.1 Workstation

        5.1 Package Location

        ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2002-053.0/RPMS

        5.2 Packages

        0bcae541db2c4789cf32cc7b23943c98 gv-3.5.8-10.i386.rpm
        2c98eb1edba9735634561c1fca76a50b gv-doc-html-3.5.8-10.i386.rpm

        5.3 Installation

        rpm -Fvh gv-3.5.8-10.i386.rpm
        rpm -Fvh gv-doc-html-3.5.8-10.i386.rpm

        5.4 Source Package Location

        ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2002-053.0/SRPMS

        5.5 Source Packages

        21aedbec359aa6f089a33faa5351beaa gv-3.5.8-10.src.rpm

6. OpenLinux 3.1 Server

        6.1 Package Location

        ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2002-053.0/RPMS

        6.2 Packages

        f806bd5555db9447219bc4cf7d8a6943 gv-3.5.8-10.i386.rpm
        d2ec6637464a67324465aaa78fe4ce1c gv-doc-html-3.5.8-10.i386.rpm

        6.3 Installation

        rpm -Fvh gv-3.5.8-10.i386.rpm
        rpm -Fvh gv-doc-html-3.5.8-10.i386.rpm

        6.4 Source Package Location

        ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2002-053.0/SRPMS

        6.5 Source Packages

        08391461cbfe9285473837051dfa659e gv-3.5.8-10.src.rpm

7. OpenLinux 3.1 Workstation

        7.1 Package Location

        ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2002-053.0/RPMS

        7.2 Packages

        2d02777949ff45ff5fded454dc20cc51 gv-3.5.8-10.i386.rpm
        d18bed4ecc2e6770bb51566f8eb52568 gv-doc-html-3.5.8-10.i386.rpm

        7.3 Installation

        rpm -Fvh gv-3.5.8-10.i386.rpm
        rpm -Fvh gv-doc-html-3.5.8-10.i386.rpm

        7.4 Source Package Location

        ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2002-053.0/SRPMS

        7.5 Source Packages

        b3a98182f3c5667b255dff4b3cb887a0 gv-3.5.8-10.src.rpm

8. References

        Specific references for this advisory:

                http://www.epita.fr/~bevand_m/asa/asa-0000
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0838
                iDEFENSE Security Advisory 09.26.2002

        SCO security resources:

                http://www.sco.com/support/security/index.html

        This security fix closes SCO incidents sr869923, fz526236,
        erg712135.

9. Disclaimer

        SCO is not responsible for the misuse of any of the information
        we provide on this website and/or through our security
        advisories. Our advisories are a service to our customers intended
        to promote secure installation and use of SCO products.

10. Acknowledgements

        Marc Bevand and David Endler discovered and researched this
        vulnerability.

______________________________________________________________________________

--aT9PWwzfKXlsBJM1
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (SCO_SV)
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAj3e0VYACgkQbluZssSXDTHfugCeLPiz9Rdb0gu3bRWN8VlH9gIF
5b4AoKNHk3wtxcN92C3BAyWI3xizXml/
=km6R
-----END PGP SIGNATURE-----

--aT9PWwzfKXlsBJM1--