PDA

Bekijk Volledige Versie : Security Update: [CSSA-2003.003.0] Linux: wget directory traversal and buffer overrun vulnerabilitie



security@caldera.com
17/01/03, 22:17
--EVF5PPMfhYS0aIcm
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

To: bugtraq@securityfocus.com announce@lists.caldera.com security-alerts@linuxsecurity.com full-disclosure@lists.netsys

__________________________________________________ ____________________________

SCO Security Advisory

Subject: Linux: wget directory traversal and buffer overrun vulnerabilities
Advisory number: CSSA-2003-003.0
Issue date: 2003 January 16
Cross reference:
__________________________________________________ ____________________________


1. Problem Description

Stefano Zacchiroli found a buffer overrun in the url_filename
function, which would make wget segfault on very long urls.

Steven M. Christey discovered that wget did not verify the FTP
server response to a NLST command: it must not contain any
directory information, since that can be used to make a FTP
client overwrite arbitrary files.


2. Vulnerable Supported Versions

System Package
----------------------------------------------------------------------

OpenLinux 3.1.1 Server prior to wget-1.7.1-3.i386.rpm

OpenLinux 3.1.1 Workstation prior to wget-1.7.1-3.i386.rpm

OpenLinux 3.1 Server prior to wget-1.7.1-3.i386.rpm

OpenLinux 3.1 Workstation prior to wget-1.7.1-3.i386.rpm


3. Solution

The proper solution is to install the latest packages. Many
customers find it easier to use the Caldera System Updater, called
cupdate (or kcupdate under the KDE environment), to update these
packages rather than downloading and installing them by hand.


4. OpenLinux 3.1.1 Server

4.1 Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-003.0/RPMS

4.2 Packages

0adc5e5568cc589b9ab90ebb0e181e65 wget-1.7.1-3.i386.rpm

4.3 Installation

rpm -Fvh wget-1.7.1-3.i386.rpm

4.4 Source Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-003.0/SRPMS

4.5 Source Packages

b443ec3aa56abaa8236a88bffebba036 wget-1.7.1-3.src.rpm


5. OpenLinux 3.1.1 Workstation

5.1 Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2003-003.0/RPMS

5.2 Packages

d5ef7e346ec79bead0cba20189904a11 wget-1.7.1-3.i386.rpm

5.3 Installation

rpm -Fvh wget-1.7.1-3.i386.rpm

5.4 Source Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2003-003.0/SRPMS

5.5 Source Packages

02c04170cbdef2de1b1f2c1a478681f7 wget-1.7.1-3.src.rpm


6. OpenLinux 3.1 Server

6.1 Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2003-003.0/RPMS

6.2 Packages

7c2901898d0cc4d0bbb6132d82fefd0e wget-1.7.1-3.i386.rpm

6.3 Installation

rpm -Fvh wget-1.7.1-3.i386.rpm

6.4 Source Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2003-003.0/SRPMS

6.5 Source Packages

b19f59dedcd9b2382a41c8af3cf056d0 wget-1.7.1-3.src.rpm


7. OpenLinux 3.1 Workstation

7.1 Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2003-003.0/RPMS

7.2 Packages

fbba3488352d9617a0b3b6507633c312 wget-1.7.1-3.i386.rpm

7.3 Installation

rpm -Fvh wget-1.7.1-3.i386.rpm

7.4 Source Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2003-003.0/SRPMS

7.5 Source Packages

7a30085d938ad07bde1f67267910a71d wget-1.7.1-3.src.rpm


8. References

Specific references for this advisory:

http://marc.theaimsgroup.com/?l=bugtraq&m=103962838628940&w=2
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1344
http://www.kb.cert.org/vuls/id/210148

SCO security resources:

http://www.sco.com/support/security/index.html

This security fix closes SCO incidents sr872622, fz526854,
erg712181.


9. Disclaimer

SCO is not responsible for the misuse of any of the information
we provide on this website and/or through our security
advisories. Our advisories are a service to our customers intended
to promote secure installation and use of SCO products.


10. Acknowledgements

Stefano Zacchiroli and Steve Christey (coley@mitre.org)
discovered and researched these vulnerabilities.

__________________________________________________ ____________________________

--EVF5PPMfhYS0aIcm
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (SCO_SV)
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAj4nJmYACgkQbluZssSXDTGAVQCeKhGY5Pf9yu 8VB0Z+cvLY4cO4
QUsAoIPuxbOV0DTdkcraeK5Q7R/Z/YFh
=K/3N
-----END PGP SIGNATURE-----

--EVF5PPMfhYS0aIcm--