From security@sco.com Tue Nov 8 14:24:15 2005 From: security@sco.com To: security-announce@list.sco.com Date: Tue, 8 Nov 2005 14:20:47 -0500 (EST) Subject: [Full-disclosure] SCOSA-2005.47 UnixWare 7.1.3 UnixWare 7.1.4 : Lynx NNTP Buffer Overflow Vulnerability -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ______________________________________________________________________________ SCO Security Advisory Subject: UnixWare 7.1.3 UnixWare 7.1.4 : Lynx NNTP Buffer Overflow Vulnerability Advisory number: SCOSA-2005.47 Issue date: 2005 November 08 Cross reference: fz533159 CVE-2005-3120 ______________________________________________________________________________ 1. Problem Description Ulf Harnhammar has reported a vulnerability in Lynx, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error in the "HTrjis()" function in the handling of article headers sent from NNTP (Network News Transfer Protocol) servers. This can be exploited to cause a stack-based buffer overflow by e.g. tricking a user into visiting a malicious web site which redirects to a malicious NNTP server via the "nntp:" URI handler. Successful exploitation allows execution of arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-3120 to this issue. 2. Vulnerable Supported Versions System Binaries ---------------------------------------------------------------------- UnixWare 7.1.3 /usr/gnu/bin/lynx UnixWare 7.1.4 /usr/gnu/bin/lynx 3. Solution The proper solution is to install the latest packages. 4. UnixWare 7.1.3 4.1 Location of Fixed Binaries ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.47 4.2 Verification MD5 (p533159.image) = bc3fd8c36aea096b7ed75a2f27950b1e md5 is available for download from ftp://ftp.sco.com/pub/security/tools 4.3 Installing Fixed Binaries Upgrade the affected binaries with the following sequence: Download p533159.image to the /var/spool/pkg directory # pkgadd -d /var/spool/pkg/p533159.image 5. UnixWare 7.1.4 5.1 Location of Fixed Binaries ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.47 5.2 Verification MD5 (p533159.image) = bc3fd8c36aea096b7ed75a2f27950b1e md5 is available for download from ftp://ftp.sco.com/pub/security/tools 5.3 Installing Fixed Binaries Upgrade the affected binaries with the following sequence: Download p533159.image to the /var/spool/pkg directory # pkgadd -d /var/spool/pkg/p533159.image 6. References Specific references for this advisory: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3120 http://lists.grok.org.uk/pipermail/full-disclosure/2005-October/038019.html http://securitytracker.com/id?1015065 http://secunia.com/advisories/17216 SCO security resources: http://www.sco.com/support/security/index.html SCO security advisories via email http://www.sco.com/support/forums/security.html This security fix closes SCO incident fz533159. 7. Disclaimer SCO is not responsible for the misuse of any of the information we provide on this website and/or through our security advisories. Our advisories are a service to our customers intended to promote secure installation and use of SCO products. 8. Acknowledgments SCO would like to thank Ulf Harnhammar for reporting this vulnerability. ______________________________________________________________________________ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (UnixWare) iD8DBQFDcPYVaqoBO7ipriERAjoRAJ0U1Ik6iVjuCU2XFRAAiJ1k157D8gCeOXw6 +lnmbCl8lvRH/GYwLg2saLE= =g4hZ -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/