Security Update: [CSSA-2003-015.0] Linux: apcupsd remote root vulnerability and buffer overflows

From: security@sco.com
Date: 03/25/03

    To: bugtraq@securityfocus.com, announce@lists.caldera.com, security-alerts@linuxsecurity.com
    Date: Tue, 25 Mar 2003 13:19:53 -0800
    
    
    


    ______________________________________________________________________________

                            SCO Security Advisory

    Subject: Linux: apcupsd remote root vulnerability and buffer overflows
    Advisory number: CSSA-2003-015.0
    Issue date: 2003 March 25
    Cross reference:
    ______________________________________________________________________________

    1. Problem Description

            From the CVE candidate descriptions:

            A vulnerability in apcupsd allows remote attackers to gain
            root privileges, possibly via format strings in a request to a
            slave server.

            Multiple buffer overflows in apcupsd may allow attackers to
            cause a denial of service or execute arbitrary code, related
            to usage of the vsprintf function.

    2. Vulnerable Supported Versions

            System                      Package
            ----------------------------------------------------------------------

            OpenLinux 3.1.1 Server      prior to apcupsd-3.8.6-1.i386.rpm
                                        prior to apcupsd-cgi-3.8.6-1.i386.rpm
                                        prior to apcupsd-powerflute-3.8.6-1.i386.rpm

            OpenLinux 3.1 Server        prior to apcupsd-3.8.6-1.i386.rpm
                                        prior to apcupsd-cgi-3.8.6-1.i386.rpm
                                        prior to apcupsd-powerflute-3.8.6-1.i386.rpm

    3. Solution

            The proper solution is to install the latest packages. Many
            customers find it easier to use the Caldera System Updater, called
            cupdate (or kcupdate under the KDE environment), to update these
            packages rather than downloading and installing them by hand.

    4. OpenLinux 3.1.1 Server

            4.1 Package Location

            ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-015.0/RPMS

            4.2 Packages

            a2c0d41800f62383c65f77858f0c3898 apcupsd-3.8.6-1.i386.rpm
            13800369e6a5712eb02f00514e05eaf0 apcupsd-cgi-3.8.6-1.i386.rpm
            c6744b9f001474a9bb1dd9f59d3edbcd apcupsd-powerflute-3.8.6-1.i386.rpm

            4.3 Installation

            rpm -Fvh apcupsd-3.8.6-1.i386.rpm
            rpm -Fvh apcupsd-cgi-3.8.6-1.i386.rpm
            rpm -Fvh apcupsd-powerflute-3.8.6-1.i386.rpm

            4.4 Source Package Location

            ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-015.0/SRPMS

            4.5 Source Packages

            2efb5f90e0c02ffc08340308d29bc1bf apcupsd-3.8.6-1.src.rpm

    5. OpenLinux 3.1 Server

            5.1 Package Location

            ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2003-015.0/RPMS

            5.2 Packages

            2c04bd609f4b1949c56556719928ff50 apcupsd-3.8.6-1.i386.rpm
            048ad400cb7c9a80ba16798ecde20c4a apcupsd-cgi-3.8.6-1.i386.rpm
            d8de392566a69a95f5e230af51918839 apcupsd-powerflute-3.8.6-1.i386.rpm

            5.3 Installation

            rpm -Fvh apcupsd-3.8.6-1.i386.rpm
            rpm -Fvh apcupsd-cgi-3.8.6-1.i386.rpm
            rpm -Fvh apcupsd-powerflute-3.8.6-1.i386.rpm

            5.4 Source Package Location

            ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2003-015.0/SRPMS

            5.5 Source Packages

            1d6fcff1a24702cc60ec0779a6512e0a apcupsd-3.8.6-1.src.rpm

    6. References

            Specific references for this advisory:

                    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0098
                    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0099

            SCO security resources:

                    http://www.sco.com/support/security/index.html

            This security fix closes SCO incidents sr876044, fz527560,
            erg712268.

    7. Disclaimer

            SCO is not responsible for the misuse of any of the information
            we provide on this website and/or through our security
            advisories. Our advisories are a service to our customers intended
            to promote secure installation and use of SCO products.

    8. Acknowledgements

            Highspeed Junkie (http://hsj.shadowpenguin.org/) discovered
            and researched the slave server vulnerability.

    ______________________________________________________________________________
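
An added illustration of the two bug classes named in section 1 (it is not apcupsd source and not part of the SCO advisory): a bounded formatter built on vsnprintf that reports truncation, with received text always passed as a %s argument. The function names, the 64-byte buffer and the sample input are assumptions made for this example.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Weak patterns of the kind the advisory names, shown only as comments:
 *     vsprintf(msg, fmt, ap);   -- no limit on bytes written to msg
 *     syslog(LOG_INFO, text);   -- received text used as the format
 */
#if defined(__GNUC__)
#define PRINTF_LIKE(f, a) __attribute__((format(printf, f, a)))
#else
#define PRINTF_LIKE(f, a)
#endif

/* Hypothetical helper. Returns 0 if the message fit, 1 if it was
 * truncated, -1 on error. On 0 and 1, out is NUL-terminated. */
int format_bounded(char *out, size_t outsz, const char *fmt, ...)
    PRINTF_LIKE(3, 4);   /* lets the compiler check format/argument use */

int format_bounded(char *out, size_t outsz, const char *fmt, ...)
{
    va_list ap;
    int n;
    if (out == NULL || outsz == 0 || fmt == NULL)
        return -1;
    va_start(ap, fmt);
    n = vsnprintf(out, outsz, fmt, ap);   /* never writes past outsz */
    va_end(ap);
    if (n < 0) {
        out[0] = '\0';
        return -1;
    }
    return ((size_t)n >= outsz) ? 1 : 0;
}

/* Received text is an argument to a constant format, never the format. */
int log_peer_text(char *out, size_t outsz, const char *peer_text)
{
    return format_bounded(out, outsz, "peer said: %s", peer_text);
}

int main(void)
{
    char msg[64];                                       /* assumed size */
    int rc = log_peer_text(msg, sizeof msg, "%s%s%s");  /* constructed input */
    printf("rc=%d msg=\"%s\"\n", rc, msg);
    return 0;
}
```

A caller should treat a return value of 1 as a signal to log or reject the oversized input rather than silently using the truncated string.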

    
    


