96847 2003-03-25  22:31  /133 rader/  <security@sco.com>
Importerad: 2003-03-25  22:31  av Brevbäraren
Extern mottagare: bugtraq@securityfocus.com
Extern mottagare: announce@lists.caldera.com
Extern mottagare: security-alerts@linuxsecurity.com
Externa svar till: please_reply_to_security@sco.com
Mottagare: Bugtraq (import) <4165>
Ärende: Security Update: [CSSA-2003-015.0] Linux: apcupsd remote root vulnerability and buffer overflows
------------------------------------------------------------
To: bugtraq@securityfocus.com announce@lists.caldera.com security-alerts@linuxsecurity.com


______________________________________________________________________________

			SCO Security Advisory

Subject:		Linux: apcupsd remote root vulnerability and buffer overflows
Advisory number: 	CSSA-2003-015.0
Issue date: 		2003 March 25
Cross reference:
______________________________________________________________________________


1. Problem Description

	From the CVE candidate desciptions:

	A vulnerability in apcupsd allows remote attackers to gain
	root privileges, possibly via format strings in a request to a
	slave server.

	Multiple buffer overflows in apcupsd may allow attackers to
	cause a denial of service or execute arbitrary code, related
	to usage of the vsprintf function.


2. Vulnerable Supported Versions

	System				Package
	----------------------------------------------------------------------

	OpenLinux 3.1.1 Server		prior to apcupsd-3.8.6-1.i386.rpm
					prior to apcupsd-cgi-3.8.6-1.i386.rpm
					prior to apcupsd-powerflute-3.8.6-1.i386.rpm

	OpenLinux 3.1 Server		prior to apcupsd-3.8.6-1.i386.rpm
					prior to apcupsd-cgi-3.8.6-1.i386.rpm
					prior to apcupsd-powerflute-3.8.6-1.i386.rpm


3. Solution

	The proper solution is to install the latest packages. Many
	customers find it easier to use the Caldera System Updater,
	called cupdate (or kcupdate under the KDE environment), to
	update these packages rather than downloading and installing
	them by hand.


4. OpenLinux 3.1.1 Server

	4.1 Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-015.0/RPMS

	4.2 Packages

	a2c0d41800f62383c65f77858f0c3898
	apcupsd-3.8.6-1.i386.rpm
	13800369e6a5712eb02f00514e05eaf0
	apcupsd-cgi-3.8.6-1.i386.rpm
	c6744b9f001474a9bb1dd9f59d3edbcd
	apcupsd-powerflute-3.8.6-1.i386.rpm

	4.3 Installation

	rpm -Fvh apcupsd-3.8.6-1.i386.rpm
	rpm -Fvh apcupsd-cgi-3.8.6-1.i386.rpm
	rpm -Fvh apcupsd-powerflute-3.8.6-1.i386.rpm

	4.4 Source Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-015.0/SRPMS

	4.5 Source Packages

	2efb5f90e0c02ffc08340308d29bc1bf
apcupsd-3.8.6-1.src.rpm


5. OpenLinux 3.1 Server

	5.1 Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2003-015.0/RPMS

	5.2 Packages

	2c04bd609f4b1949c56556719928ff50
	apcupsd-3.8.6-1.i386.rpm
	048ad400cb7c9a80ba16798ecde20c4a
	apcupsd-cgi-3.8.6-1.i386.rpm
	d8de392566a69a95f5e230af51918839
	apcupsd-powerflute-3.8.6-1.i386.rpm

	5.3 Installation

	rpm -Fvh apcupsd-3.8.6-1.i386.rpm
	rpm -Fvh apcupsd-cgi-3.8.6-1.i386.rpm
	rpm -Fvh apcupsd-powerflute-3.8.6-1.i386.rpm

	5.4 Source Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2003-015.0/SRPMS

	5.5 Source Packages

	1d6fcff1a24702cc60ec0779a6512e0a
apcupsd-3.8.6-1.src.rpm


6. References

	Specific references for this advisory:

		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0098
		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0099

	SCO security resources:

		http://www.sco.com/support/security/index.html

	This security fix closes SCO incidents sr876044, fz527560,
	erg712268.


7. Disclaimer

	SCO is not responsible for the misuse of any of the
	information we provide on this website and/or through our
	security advisories. Our advisories are a service to our
	customers intended to promote secure installation and use of
	SCO products.


8. Acknowledgements

	Highspeed Junkie (http://hsj.shadowpenguin.org/) discovered
	and researched the slave server vulnerability.

______________________________________________________________________________
(96847) / <security@sco.com>/-------------(Ombruten)
Bilaga (application/pgp-signature) i text 96848
96848 2003-03-25  22:31  /9 rader/  <security@sco.com>
Importerad: 2003-03-25  22:31  av Brevbäraren
Extern mottagare: bugtraq@securityfocus.com
Extern mottagare: announce@lists.caldera.com
Extern mottagare: security-alerts@linuxsecurity.com
Externa svar till: please_reply_to_security@sco.com
Mottagare: Bugtraq (import) <4166>
Bilaga (text/plain) till text 96847
Ärende: Bilaga till: Security Update: [CSSA-2003-015.0] Linux: apcupsd remote root vulnerability and buffer overflows
------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (SCO_SV)
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAj6Ax/kACgkQbluZssSXDTFDggCgyVG5mjlwhtZCSjyOzwaPvfwa
XpUAoKbWacgyIbJuiHIYIp5oNub98eGx
=DrH4
-----END PGP SIGNATURE-----
(96848) / <security@sco.com>/-----------------------