UnixWare 7.1.4 UnixWare 7.1.3 UnixWare 7.1.1 : x.org possible local socket hijacking

please_reply_to_security_at_sco.com
Date: 01/26/05

    To: security-announce@list.sco.com, bugtraq@securityfocus.com, full-disclosure@lists.netsys.com
    Date: Wed, 26 Jan 2005 09:59:10 -0800
    
    

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    ______________________________________________________________________________

                            SCO Security Advisory

    Subject: UnixWare 7.1.4 UnixWare 7.1.3 UnixWare 7.1.1 : x.org possible local socket hijacking
    Advisory number: SCOSA-2005.8
    Issue date: 2005 January 26
    Cross reference: sr891412 fz530161 erg712694 CAN-2005-0134
    ______________________________________________________________________________

    1. Problem Description

            The socket directories that the X components create in /tmp
            are now required to be owned by root and to have their
            sticky bit set. If the ownership or permissions are not set
            properly, the component tries to set them properly. If it is
            unable to do so, it generates error/warning message(s), but
            the component does not fail (a.k.a. fails softly).

            The owner and permissions of these directories are checked
            and, where necessary, corrected even when an X server is
            started by a regular user; an error message is generated if
            that correction fails.

            The Common Vulnerabilities and Exposures project (cve.mitre.org)
            has assigned the name CAN-2005-0134 to this issue.
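The check described above, as an added example that is not SCO's or X.Org's code: a C routine that inspects one socket directory, tries to bring it to root ownership with the sticky bit set, and reports rather than aborts when it cannot (the "fail softly" behaviour). The default directory names in main() are assumptions for illustration; the advisory does not list them. Using lstat() and rejecting anything that is not a plain directory is my choice, so that a symlink or file planted at the path is never treated as the socket directory.

```c
/* Added example (not from the advisory): root-owned, sticky-bit check on
 * /tmp socket directories that fails softly. Directory names are assumed. */
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

typedef enum {
    SOCKDIR_OK = 0,     /* already owned by root with the sticky bit set   */
    SOCKDIR_FIXED = 1,  /* was wrong and has been corrected in place        */
    SOCKDIR_WARN = 2,   /* could not be corrected; caller carries on         */
    SOCKDIR_NOTDIR = 3  /* missing, or not a plain directory (e.g. symlink) */
} sockdir_status;

static const char *sockdir_status_name(sockdir_status s)
{
    static const char *names[] = { "ok", "fixed", "warning", "not-a-directory" };
    return names[s];
}

/* Check one socket directory; try chown/chmod when it is not root:sticky.
 * Failure to correct it only produces a warning, as the advisory describes. */
sockdir_status check_socket_dir(const char *path)
{
    struct stat st;
    int owner_ok, sticky_ok, fixed = 1;

    /* lstat(), not stat(): never follow a link that was planted at this path. */
    if (lstat(path, &st) != 0) {
        fprintf(stderr, "warning: cannot stat %s: %s\n", path, strerror(errno));
        return SOCKDIR_NOTDIR;
    }
    if (!S_ISDIR(st.st_mode)) {
        fprintf(stderr, "warning: %s is not a directory (type 0%o)\n",
                path, (unsigned)(st.st_mode & S_IFMT));
        return SOCKDIR_NOTDIR;
    }

    owner_ok = (st.st_uid == 0);
    sticky_ok = ((st.st_mode & S_ISVTX) != 0);
    if (owner_ok && sticky_ok)
        return SOCKDIR_OK;

    /* Ownership first: only root can do this, a regular user gets EPERM. */
    if (!owner_ok && chown(path, 0, (gid_t)-1) != 0) {
        fprintf(stderr, "warning: cannot chown %s to root: %s\n",
                path, strerror(errno));
        fixed = 0;
    }
    /* Keep the existing permission bits, just add the sticky bit. */
    if (!sticky_ok && chmod(path, (st.st_mode & 07777) | S_ISVTX) != 0) {
        fprintf(stderr, "warning: cannot set sticky bit on %s: %s\n",
                path, strerror(errno));
        fixed = 0;
    }
    return fixed ? SOCKDIR_FIXED : SOCKDIR_WARN;
}

int main(int argc, char **argv)
{
    /* Assumed defaults; the X components name their own socket directories. */
    static const char *defaults[] = { "/tmp/.X11-unix", "/tmp/.ICE-unix",
                                      "/tmp/.font-unix" };
    int i, n = argc > 1 ? argc - 1 : 3;

    for (i = 0; i < n; i++) {
        const char *p = argc > 1 ? argv[i + 1] : defaults[i];
        printf("%s: %s\n", p, sockdir_status_name(check_socket_dir(p)));
    }
    return 0;
}
```

Run as root the routine corrects a stray directory and reports "fixed"; run as a regular user it can add the sticky bit to a directory that user owns but cannot hand it to root, so it reports "warning" and the caller continues, which is exactly the fail-softly behaviour the advisory describes.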

    2. Vulnerable Supported Versions

            System          Binaries
            ----------------------------------------------------------------------
            UnixWare 7.1.4  /usr/X/bin/Xnest
                            /usr/X/bin/Xsco
                            /usr/X/bin/Xvfb
                            /usr/X/bin/xfs
                            /usr/X/lib/libICE.a
                            /usr/X/lib/libICE.so.6.0
                            /usr/src/ihvkit/display/Xserver/lib/libos.a
                            /usr/src/ihvkit/display/usrlib/libfont.a

            UnixWare 7.1.3  /usr/X/bin/Xnest
                            /usr/X/bin/Xsco
                            /usr/X/bin/Xvfb
                            /usr/X/bin/xfs
                            /usr/X/lib/libICE.a
                            /usr/X/lib/libICE.so.6.0
                            /usr/src/ihvkit/display/Xserver/lib/libos.a
                            /usr/src/ihvkit/display/usrlib/libfont.a

            UnixWare 7.1.1  /usr/X/bin/Xnest
                            /usr/X/bin/Xsco
                            /usr/X/bin/Xvfb
                            /usr/X/bin/xfs
                            /usr/X/lib/libICE.a
                            /usr/X/lib/libICE.so.6.0
                            /usr/src/ihvkit/display/Xserver/lib/libos.a
                            /usr/src/ihvkit/display/usrlib/libfont.a

    3. Solution

            The proper solution is to install the latest packages.

    4. UnixWare 7.1.4

            4.1 Location of Fixed Binaries

            ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.8

            4.2 Verification

            MD5 (erg712694.pkg.Z) = f216b86a37d02bc0630a849863023637

            md5 is available for download from
                    ftp://ftp.sco.com/pub/security/tools

            4.3 Installing Fixed Binaries

            Upgrade the affected binaries with the following sequence:

            Download erg712694.pkg.Z to the /var/spool/pkg directory

            # uncompress /var/spool/pkg/erg712694.pkg.Z
            # pkgadd -d /var/spool/pkg/erg712694.pkg

    5. UnixWare 7.1.3

            5.1 Location of Fixed Binaries

            ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.8

            5.2 Verification

            MD5 (erg712694.713.pkg.Z) = cdd347f43fb4cbcec2ef693d88ec104b

            md5 is available for download from
                    ftp://ftp.sco.com/pub/security/tools

            5.3 Installing Fixed Binaries

            Upgrade the affected binaries with the following sequence:

            Download erg712694.713.pkg.Z to the /var/spool/pkg directory

            # uncompress /var/spool/pkg/erg712694.713.pkg.Z
            # pkgadd -d /var/spool/pkg/erg712694.713.pkg

    6. UnixWare 7.1.1

            6.1 Location of Fixed Binaries

            ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.8

            6.2 Verification

            MD5 (erg712694.711.pkg.Z) = 8c59f293edd8520ed1fefc0abe465592

            md5 is available for download from
                    ftp://ftp.sco.com/pub/security/tools

            6.3 Installing Fixed Binaries

            Upgrade the affected binaries with the following sequence:

            Download erg712694.711.pkg.Z to the /var/spool/pkg directory

            # uncompress /var/spool/pkg/erg712694.711.pkg.Z
            # pkgadd -d /var/spool/pkg/erg712694.711.pkg

    7. References

            Specific references for this advisory:
                    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0134
                    http://x.org/X11R6.8.1/RELNOTES.txt

            SCO security resources:
                    http://www.sco.com/support/security/index.html

            SCO security advisories via email
                    http://www.sco.com/support/forums/security.html

            This security fix closes SCO incidents sr891412 fz530161
            erg712694.

    8. Disclaimer

            SCO is not responsible for the misuse of any of the information
            we provide on this website and/or through our security
            advisories. Our advisories are a service to our customers
            intended to promote secure installation and use of SCO
            products.

    9. Acknowledgments

            SCO would like to thank Jim Gettys and The Open X.org
            Foundation.

    ______________________________________________________________________________

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.4.0 (SCO/UNIX_SVR5)

    iD8DBQFB98mXaqoBO7ipriERArMgAJ9l6hevRUmeSfRYAeKyPjBRGZMboACdHaN8
    t5ODtKnXSh7A5Zd+TLdGUag=
    =6LRp
    -----END PGP SIGNATURE-----

