 | ||||||
| << Previous | INDEX | Search | src | Set bookmark | Go to bookmark | Next >> |
| ||||||
| |||||||||||||||||||||
From: SecuriTeam <support@securiteam.com.> To: list@securiteam.com Date: 13 Dec 2005 17:27:36 +0200 Subject: [UNIX] SCO Unixware Setuid 'uidadmin' Scheme Buffer Overflow Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Message-Id: <20051213180617.40BA5594B@mail.tyumen.ru.> X-Virus-Scanned: antivirus-gw at tyumen.ru The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source. http://www.securiteam.com/mailinglist.html - - - - - - - - - SCO Unixware Setuid 'uidadmin' Scheme Buffer Overflow ------------------------------------------------------------------------ SUMMARY " <http://www.sco.com/>; SCO Unixware is a Unix operating system that runs on many OEM platforms." Local exploitation of a buffer overflow vulnerability in the uidadmin binary included in multiple versions of The SCO Group Inc.'s Unixware allows attackers to gain root privileges and execute arbitrary code. DETAILS Vulnerable Systems: * SCO Unixware version 7.1.3 * SCO Unixware version 7.1.4 The vulnerability specifically exists because of a failure to check the length of user specified file input. If the user prepares a file longer than 1,600 bytes and supplies the path to that file using the "-S" option of uidadmin, a stack based buffer overflow occurs. This leads to the execution of arbitrary code with root privileges, as uidadmin is setuid root by default. Successful exploitation of this vulnerability requires that a user have local access to the system. This would allow the user to gain super user privileges and execute arbitrary code. Vendor Status: The vendor has released the following update to address this vulnerability: <ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.54>; ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.54 CVE Information: <http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3903>; CVE-2005-3903 Disclosure Timeline: 10/12/2005 - Initial vendor notification 10/13/2005 - Initial vendor response 12/12/2005 - Coordinated public disclosure ADDITIONAL INFORMATION The information has been provided by <mailto:idlabs-advisories@lists.idefense.com.> iDEFENSE. The original article can be found at: <http://www.idefense.com/application/poi/display?id=350&type=vulnerabilities&flashstatus=true>; http://www.idefense.com/application/poi/display?id=350&type=vulnerabilities
This bulletin is sent to members of the SecuriTeam mailing list. To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com
DISCLAIMER: The information in this bulletin is provided "AS IS" without warranty of any kind. In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
| |||||||||||||||||||||
|
|
|
