85135 2002-11-22  13:37  /106 lines/  <security@caldera.com>
Imported: 2002-11-22  13:37  by Brevbäraren
External recipient: bugtraq@securityfocus.com
External recipient: announce@lists.caldera.com
External recipient: security-alerts@linuxsecurity.com
External recipient: full-disclosure@lists.netsys.com
External replies to: please_reply_to_security@caldera.com
Recipient: Bugtraq (import) <2490>
Subject: Security Update: [CSSA-2002-048.0] Linux: wwwoffled remote access vulnerability
------------------------------------------------------------
To: bugtraq@securityfocus.com announce@lists.caldera.com security-alerts@linuxsecurity.com full-disclosure@lists.netsys.com


______________________________________________________________________________

			SCO Security Advisory

Subject:		Linux: wwwoffled remote access vulnerability 
Advisory number: 	CSSA-2002-048.0
Issue date: 		2002 November 18
Cross reference:
______________________________________________________________________________


1. Problem Description

	wwwoffled allows remote attackers to cause a denial of
	service and possibly execute arbitrary code via a negative
	Content-Length value.


2. Vulnerable Supported Versions

	System				Package
	----------------------------------------------------------------------

	OpenLinux 3.1.1 Workstation	prior to wwwoffle-2.6b-3MR.i386.rpm

	OpenLinux 3.1 Workstation	prior to wwwoffle-2.6b-3MR.i386.rpm


3. Solution

	The proper solution is to install the latest packages. Many
	customers find it easier to use the Caldera System Updater,
	called cupdate (or kcupdate under the KDE environment), to
	update these packages rather than downloading and installing
	them by hand.


4. OpenLinux 3.1.1 Workstation

	4.1 Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2002-048.0/RPMS

	4.2 Packages

	d54de95d9db4d19501e6b50ef63f2e31	wwwoffle-2.6b-3MR.i386.rpm

	4.3 Installation

	rpm -Fvh wwwoffle-2.6b-3MR.i386.rpm

	4.4 Source Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2002-048.0/SRPMS

	4.5 Source Packages

	1e8f25979fdc99dc6b3652927fa1a98a	wwwoffle-2.6b-3MR.src.rpm


5. OpenLinux 3.1 Workstation

	5.1 Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2002-048.0/RPMS

	5.2 Packages

	c75848533ab650ef06bb7910eca73946	wwwoffle-2.6b-3MR.i386.rpm

	5.3 Installation

	rpm -Fvh wwwoffle-2.6b-3MR.i386.rpm

	5.4 Source Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2002-048.0/SRPMS

	5.5 Source Packages

	9b8e3cf1987bc4d08cf9782eea2e2c9e	wwwoffle-2.6b-3MR.src.rpm


6. References

	Specific references for this advisory:
		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0818

	SCO security resources:
		http://www.sco.com/support/security/index.html

	This security fix closes SCO incidents sr867510, fz525781,
	erg501645.


7. Disclaimer

	SCO is not responsible for the misuse of any of the
	information we provide on this website and/or through our
	security advisories. Our advisories are a service to our
	customers intended to promote secure installation and use of
	SCO products.

______________________________________________________________________________
(85135) / <security@caldera.com>/---------(Re-wrapped)
Attachment (application/pgp-signature) in text 85136
85136 2002-11-22  13:37  /9 lines/  <security@caldera.com>
Imported: 2002-11-22  13:37  by Brevbäraren
External recipient: bugtraq@securityfocus.com
External recipient: announce@lists.caldera.com
External recipient: security-alerts@linuxsecurity.com
External recipient: full-disclosure@lists.netsys.com
External replies to: please_reply_to_security@caldera.com
Recipient: Bugtraq (import) <2491>
Attachment (text/plain) to text 85135
Subject: Attachment to: Security Update: [CSSA-2002-048.0] Linux: wwwoffled remote access vulnerability
------------------------------------------------------------
(85136) / <security@caldera.com>/-------------------
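
Added example, not part of the SCO advisory and not wwwoffle's own source: section 1 attributes the flaw to a negative Content-Length value, and the C code below shows the general defensive pattern for that bug class, a digits-only bounded parse beside a signed parse whose upper-bound check lets -1 through. MAX_BODY_BYTES and both function names are assumptions chosen for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumed cap on an accepted body size; not a value from the advisory. */
#define MAX_BODY_BYTES (1024L * 1024L)

/* Weak pattern, for contrast: signed parse with only an upper-bound check.
 * Returns 1 when the check lets the value through. */
int naive_check_accepts(const char *value, long bufsize)
{
    long n = strtol(value, NULL, 10);  /* "-1" parses to -1 */
    return n <= bufsize;               /* negative passes; as a size_t it is huge */
}

/* Strict parse of a Content-Length value (the text after the colon).
 * Returns 0..MAX_BODY_BYTES, or -1 when the header must be rejected. */
long parse_content_length(const char *value)
{
    long n = 0;
    int digits = 0;

    while (*value == ' ' || *value == '\t')        /* leading whitespace */
        value++;
    for (; isdigit((unsigned char)*value); value++, digits++) {
        int d = *value - '0';
        if (n > (MAX_BODY_BYTES - d) / 10)         /* next digit would pass the cap */
            return -1;
        n = n * 10 + d;
    }
    while (*value == ' ' || *value == '\t')        /* trailing whitespace */
        value++;
    if (digits == 0 || *value != '\0')             /* empty, signed, or trailing junk */
        return -1;
    return n;
}

int main(void)
{
    /* Constructed sample header values. */
    const char *samples[] = { "42", "-1", "+5", "12abc", "", "99999999999999999999" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-22s naive=%d strict=%ld\n", samples[i],
               naive_check_accepts(samples[i], 4096), parse_content_length(samples[i]));
    return 0;
}
```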