-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ______________________________________________________________________________ SCO Security Advisory Subject: UnixWare 7.1.4 UnixWare 7.1.3 UnixWare 7.1.1 : CDE dtlogin unspecified double free Advisory number: SCOSA-2005.18 Issue date: 2005 April 7 Cross reference: sr890079 fz529303 erg712592 CAN-2004-0368 CERT VU#179804 ______________________________________________________________________________ 1. Problem Description The Common Desktop Environment (CDE) dtlogin utility is used to log into a CDE session. The CDE dtlogin utility has a double-free vulnerability in the X Display Manager Control Protocol (XDMCP). By sending a specially-crafted XDMCP packet to a vulnerable system, a remote attacker could obtain sensitive information, cause a denial of service or execute arbitrary code on the system. CERT Vulnerability Note VU#179804, Common Desktop Environment (CDE) dtlogin improperly deallocates memory at http://www.kb.cert.org/vuls/id/179804. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0368 to this issue. 2. Vulnerable Supported Versions System Binaries ---------------------------------------------------------------------- UnixWare 7.1.4 /usr/dt/bin/dtgreet /usr/dt/bin/dtlogin /usr/dt/lib/libDtLogin.so.1 UnixWare 7.1.3 /usr/dt/bin/dtgreet /usr/dt/bin/dtlogin /usr/dt/lib/libDtLogin.so.1 UnixWare 7.1.1 See Maintenance Pack 5 notes 3. Solution The proper solution is to install the latest packages. 4. UnixWare 7.1.4 4.1 Location of Fixed Binaries ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.18 4.2 Verification MD5 (erg712592.pkg.Z) = d3714b22a624db25740f5539c063d407 md5 is available for download from ftp://ftp.sco.com/pub/security/tools 4.3 Installing Fixed Binaries Upgrade the affected binaries with the following sequence: Download erg712592.pkg.Z to the /var/spool/pkg directory # uncompress /var/spool/pkg/erg712592.pkg.Z # pkgadd -d /var/spool/pkg/erg712592.pkg 5. UnixWare 7.1.3 5.1 Location of Fixed Binaries ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.18 5.2 Verification MD5 (erg712592.713.pkg.Z) = fc8d0c4f0ebdcf65504d1b4985c7ba52 md5 is available for download from ftp://ftp.sco.com/pub/security/tools 5.3 Installing Fixed Binaries Upgrade the affected binaries with the following sequence: Download erg712592.713.pkg.Z to the /var/spool/pkg directory # uncompress /var/spool/pkg/erg712592.713.pkg.Z # pkgadd -d /var/spool/pkg/erg712592.713.pkg 6. UnixWare 7.1.1 uw711mp5 6.1 Location of Fixed Binaries The fixes are available in SCO UnixWare Release 7.1.1 Maintenance Pack 5 or later. See ftp://ftp.sco.com/pub/unixware7/uw711pk/uw711mp5.txt and ftp://ftp.sco.com/pub/unixware7/uw711pk/uw711mp5_errata.txt 6.2 Verification MD5 (uw711mp5.cpio.Z) = 50bd66b7d57b2025da9dca4010d0ab1a md5 is available for download from ftp://ftp.sco.com/pub/security/tools 6.3 Installing Fixed Binaries See uw711mp5.txt and uw711mp5_errata.txt for install instructions. 7. References Specific references for this advisory: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0368 SCO security resources: http://www.sco.com/support/security/index.html SCO security advisories via email http://www.sco.com/support/forums/security.html This security fix closes SCO incidents sr890079 fz529303 erg712592. 8. Disclaimer SCO is not responsible for the misuse of any of the information we provide on this website and/or through our security advisories. Our advisories are a service to our customers intended to promote secure installation and use of SCO products. 9. Acknowledgments SCO would like to thank Dave Aitel ______________________________________________________________________________ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (SCO/SYSV) iD8DBQFCVYa9aqoBO7ipriERAiKPAJ9tygBRSAMRNqWS2jRKE5PWyJF4+gCff8Em Hvk5XLjwEg89hCPj96JJ1MM= =dRsT -----END PGP SIGNATURE-----
