82708 2002-10-29  21:28  /201 lines/  <security@caldera.com>
Imported: 2002-10-29  21:28  by Brevbäraren
External recipient: bugtraq@securityfocus.com
External recipient: announce@lists.caldera.com
External recipient: security-alerts@linuxsecurity.com
External recipient: full-disclosure@lists.netsys.com
External replies to: please_reply_to_security@caldera.com
Recipient: Bugtraq (import) <2148>
Subject: Security Update: [CSSA-2002-039.0] Linux: bzip2 file creation and symbolic link vulnerabilities
------------------------------------------------------------
To: bugtraq@securityfocus.com announce@lists.caldera.com security-alerts@linuxsecurity.com full-disclosure@lists.netsys.com


______________________________________________________________________________

			SCO Security Advisory

Subject:		Linux: bzip2 file creation and symbolic link vulnerabilities 
Advisory number: 	CSSA-2002-039.0
Issue date: 		2002 October 29
Cross reference:
______________________________________________________________________________


1. Problem Description

	From the CVE Archives:

	bzip2 does not use the O_EXCL flag to create files during
	decompression and does not warn the user if an existing file
	would be overwritten, which could allow attackers to overwrite
	files via a bzip2 archive.

	bzip2 decompresses files with world-readable permissions
	before setting the permissions to what is specified in the
	bzip2 archive, which could allow local users to read the files
	as they are being decompressed.

	bzip2 uses the permissions of symbolic links instead of the
	actual files when creating an archive, which could cause the
	files to be extracted with less restrictive permissions than
	intended.
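	The three findings share one shape: the output file is created with
	a mode that is either too wide or read from the wrong inode, and an
	existing name at the output path is clobbered without a check. The
	program below is an added example, not bzip2's own code, that puts
	each vulnerable call beside the one that closes it and then drives
	both in a scratch directory under /tmp (assumed writable) so the
	behaviour is checked rather than asserted. O_CREAT|O_EXCL is the
	important part: it makes creation and the existence check one atomic
	system call, whereas a stat() followed by open() can be raced, and
	POSIX guarantees it fails with EEXIST even when the name is a symlink
	to somewhere else.

```c
/* Added example, not bzip2's own code: the three output-file mistakes in
 * the advisory, each beside the call that avoids it. POSIX; needs a
 * writable /tmp. */
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* CAN-2002-0759 and -0760, the vulnerable shape: O_TRUNC silently replaces
 * whatever sits at path (or whatever a planted symlink there points to),
 * and 0666 & ~umask, normally 0644, lets other users read the plaintext
 * while it is still being written. Returns an fd or -1. */
int create_output_unsafe(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0666);
}

/* The fix: O_EXCL makes open() fail with EEXIST instead of clobbering an
 * existing name, even when that name is a symlink, and the file starts
 * owner-only. The source mode is applied by finalize_output() afterwards. */
int create_output_safe(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_EXCL, S_IRUSR | S_IWUSR);
}

/* Copy the source permissions only once the data is complete on disk. */
int finalize_output(int fd, mode_t mode)
{
    return fchmod(fd, mode & 07777);
}

/* CAN-2002-0761: lstat() on the input path reports the symlink's own mode
 * bits (0777 on Linux), not the target's. fstat() on the descriptor that is
 * actually read always describes the real file. */
int input_mode(const char *path, mode_t *mode)
{
    struct stat st;
    int fd = open(path, O_RDONLY), rc = -1;
    if (fd < 0)
        return -1;
    if (fstat(fd, &st) == 0) {
        *mode = st.st_mode & 07777;
        rc = 0;
    }
    close(fd);
    return rc;
}

/* Drive all three in a scratch directory. Returns 0 when every check holds,
 * otherwise the number of the check that failed. */
int demo(void)
{
    char dir[] = "/tmp/bz2demo.XXXXXX";
    char in[64], lnk[64], out[64], bad[64];
    struct stat st;
    mode_t mode = 0, old_umask;
    int fd, rc = 0;

    if (!mkdtemp(dir))
        return 1;
    old_umask = umask(022);                 /* a typical interactive umask */
    snprintf(in, sizeof in, "%s/secret", dir);
    snprintf(lnk, sizeof lnk, "%s/link", dir);
    snprintf(out, sizeof out, "%s/secret.out", dir);
    snprintf(bad, sizeof bad, "%s/clobbered", dir);

    /* source: a 0640 file reached through a symlink, as an attacker might arrange */
    fd = open(in, O_WRONLY | O_CREAT | O_EXCL, 0640);
    if (fd < 0 || write(fd, "top secret\n", 11) != 11) { rc = 2; goto cleanup; }
    close(fd);
    if (symlink(in, lnk) < 0) { rc = 3; goto cleanup; }

    /* 0761: the mode to copy is the target's 0640, not the link's */
    if (input_mode(lnk, &mode) < 0 || mode != 0640) { rc = 4; goto cleanup; }

    /* 0760: the unsafe file is world-readable from its first byte ... */
    fd = create_output_unsafe(bad);
    if (fd < 0 || fstat(fd, &st) < 0 || !(st.st_mode & S_IROTH)) { rc = 5; goto cleanup; }
    close(fd);
    /* 0759: ... and a second open() of the same name truncates it, no warning */
    fd = create_output_unsafe(bad);
    if (fd < 0) { rc = 6; goto cleanup; }
    close(fd);

    /* hardened path: 0600 while writing, the source's 0640 once finished */
    fd = create_output_safe(out);
    if (fd < 0 || fstat(fd, &st) < 0 || (st.st_mode & 0777) != 0600) { rc = 7; goto cleanup; }
    if (write(fd, "top secret\n", 11) != 11 || finalize_output(fd, mode) < 0) { rc = 8; goto cleanup; }
    close(fd);
    if (stat(out, &st) < 0 || (st.st_mode & 0777) != 0640) { rc = 9; goto cleanup; }
    /* and it refuses to overwrite: EEXIST, existing content untouched */
    if (create_output_safe(out) != -1 || errno != EEXIST) { rc = 10; goto cleanup; }

cleanup:
    umask(old_umask);
    unlink(out); unlink(bad); unlink(lnk); unlink(in); rmdir(dir);
    return rc;
}

int main(void)
{
    int rc = demo();
    if (rc) printf("check %d failed\n", rc); else printf("all checks passed\n");
    return rc;
}
```

	The hardened path rejects overwrite unconditionally; a tool that
	must support replacing an existing output (as a user-requested
	option) should do so only after an explicit flag, never by default.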


2. Vulnerable Supported Versions

	System				Package
	----------------------------------------------------------------------

	OpenLinux 3.1.1 Server		prior to bzip2-1.0.0-7MR.i386.rpm
					prior to bzip2-devel-1.0.0-7MR.i386.rpm
					prior to bzip2-devel-static-1.0.0-7MR.i386.rpm

	OpenLinux 3.1.1 Workstation	prior to bzip2-1.0.0-7MR.i386.rpm
					prior to bzip2-devel-1.0.0-7MR.i386.rpm
					prior to bzip2-devel-static-1.0.0-7MR.i386.rpm

	OpenLinux 3.1 Server		prior to bzip2-1.0.0-7MR.i386.rpm
					prior to bzip2-devel-1.0.0-7MR.i386.rpm
					prior to bzip2-devel-static-1.0.0-7MR.i386.rpm

	OpenLinux 3.1 Workstation	prior to bzip2-1.0.0-7MR.i386.rpm
					prior to bzip2-devel-1.0.0-7MR.i386.rpm
					prior to bzip2-devel-static-1.0.0-7MR.i386.rpm


3. Solution

	The proper solution is to install the latest packages. Many
	customers find it easier to use the Caldera System Updater,
	called cupdate (or kcupdate under the KDE environment), to
	update these packages rather than downloading and installing
	them by hand.


4. OpenLinux 3.1.1 Server

	4.1 Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2002-039.0/RPMS

	4.2 Packages

	d54e80dafe3006f18d1d9498078f4bce
	bzip2-1.0.0-7MR.i386.rpm
	7eb4a45c2aa65aafd69fd1ef047e1bfd
	bzip2-devel-1.0.0-7MR.i386.rpm
	b4f91ed45d1e94b2547ce0950b0f49be
	bzip2-devel-static-1.0.0-7MR.i386.rpm

	4.3 Installation

	rpm -Fvh bzip2-1.0.0-7MR.i386.rpm
	rpm -Fvh bzip2-devel-1.0.0-7MR.i386.rpm
	rpm -Fvh bzip2-devel-static-1.0.0-7MR.i386.rpm

	4.4 Source Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2002-039.0/SRPMS

	4.5 Source Packages

	8174f956fc4fba3686900cf77ceabf44
	bzip2-1.0.0-7MR.src.rpm
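	The MD5 sums in 4.2 are only useful if they are actually compared
	before rpm runs; they detect a corrupt or substituted download, and
	they are trustworthy to the extent that the PGP signature on this
	advisory is verified first. The script below is an added example,
	not part of the SCO advisory, that reads "<md5> <package>" lines
	copied from 4.2 (the same shape serves 5.2, 6.2 and 7.2), verifies
	every package, and only then issues the rpm -Fvh commands from 4.3.
	It assumes md5sum from coreutils is on PATH.

```shell
#!/bin/sh
# Added example, not part of the SCO advisory: check each package against the
# MD5 printed in section 4.2 before handing it to rpm -Fvh (section 4.3).
# Assumes md5sum from coreutils is on PATH; rpm is only called from
# install_verified, never at load time.

# md5_of FILE: print the lower-case hex MD5 of FILE and nothing else.
md5_of() {
    md5sum "$1" | cut -d' ' -f1
}

# verify_md5 FILE EXPECTED: return 0 when FILE hashes to EXPECTED (either case),
# 1 when it does not or the file is missing; the mismatch goes to stderr.
verify_md5() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    if [ ! -f "$file" ]; then
        echo "missing: $file" >&2
        return 1
    fi
    actual=$(md5_of "$file")
    if [ "$actual" = "$expected" ]; then
        return 0
    fi
    echo "MD5 MISMATCH: $file expected $expected got $actual" >&2
    return 1
}

# install_verified MANIFEST: MANIFEST holds "<md5> <package>" lines copied from
# the advisory. Every package is verified first and rpm runs only if all of
# them match, so one corrupt download cannot leave the system half updated.
install_verified() {
    manifest=$1
    while read -r sum pkg; do
        [ -n "$pkg" ] || continue
        verify_md5 "$pkg" "$sum" || return 1
    done < "$manifest"
    while read -r sum pkg; do
        [ -n "$pkg" ] || continue
        rpm -Fvh "$pkg" < /dev/null || return 1
    done < "$manifest"
}

# Usage, in the directory holding the downloaded packages (section 4.2 hashes):
#   cat > manifest <<'EOF'
#   d54e80dafe3006f18d1d9498078f4bce bzip2-1.0.0-7MR.i386.rpm
#   7eb4a45c2aa65aafd69fd1ef047e1bfd bzip2-devel-1.0.0-7MR.i386.rpm
#   b4f91ed45d1e94b2547ce0950b0f49be bzip2-devel-static-1.0.0-7MR.i386.rpm
#   EOF
#   install_verified manifest
```

	Two passes over the manifest are deliberate: verifying inside the
	install loop would let the first two packages go in before a bad
	third one is noticed.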


5. OpenLinux 3.1.1 Workstation

	5.1 Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2002-039.0/RPMS

	5.2 Packages

	e15555947c16f663962f38bae73ceb4a
	bzip2-1.0.0-7MR.i386.rpm
	a1d3bf363951dddc3eb745d4b23e7513
	bzip2-devel-1.0.0-7MR.i386.rpm
	19c8036ab3d61a96c0c09f0c08c78f3b
	bzip2-devel-static-1.0.0-7MR.i386.rpm

	5.3 Installation

	rpm -Fvh bzip2-1.0.0-7MR.i386.rpm
	rpm -Fvh bzip2-devel-1.0.0-7MR.i386.rpm
	rpm -Fvh bzip2-devel-static-1.0.0-7MR.i386.rpm

	5.4 Source Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2002-039.0/SRPMS

	5.5 Source Packages

	d428ed2e4ea3f3577c8ff7fa6d7be12e
	bzip2-1.0.0-7MR.src.rpm


6. OpenLinux 3.1 Server

	6.1 Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2002-039.0/RPMS

	6.2 Packages

	525d5fe90e5b5aee993e46c665f51ab3
	bzip2-1.0.0-7MR.i386.rpm
	ec675b025cbae2d59755ce84dc440478
	bzip2-devel-1.0.0-7MR.i386.rpm
	4a82220ccec70af0a501cd3c1695a2bc
	bzip2-devel-static-1.0.0-7MR.i386.rpm

	6.3 Installation

	rpm -Fvh bzip2-1.0.0-7MR.i386.rpm
	rpm -Fvh bzip2-devel-1.0.0-7MR.i386.rpm
	rpm -Fvh bzip2-devel-static-1.0.0-7MR.i386.rpm

	6.4 Source Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2002-039.0/SRPMS

	6.5 Source Packages

	14622634fec6589268c083a375fa50e6
	bzip2-1.0.0-7MR.src.rpm


7. OpenLinux 3.1 Workstation

	7.1 Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2002-039.0/RPMS

	7.2 Packages

	845b6f3c541e902c8a0737694a3e5e42
	bzip2-1.0.0-7MR.i386.rpm
	f7e1a4fe5697067d4acd8f87309dc032
	bzip2-devel-1.0.0-7MR.i386.rpm
	99e7937248d59ba576967c40469590d9
	bzip2-devel-static-1.0.0-7MR.i386.rpm

	7.3 Installation

	rpm -Fvh bzip2-1.0.0-7MR.i386.rpm
	rpm -Fvh bzip2-devel-1.0.0-7MR.i386.rpm
	rpm -Fvh bzip2-devel-static-1.0.0-7MR.i386.rpm

	7.4 Source Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2002-039.0/SRPMS

	7.5 Source Packages

	654e85390b806e357e881189b2968b2d
	bzip2-1.0.0-7MR.src.rpm


8. References

	Specific references for this advisory:
		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0759
		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0760
		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0761

	SCO security resources:
		http://www.sco.com/support/security/index.html

	This security fix closes SCO incidents sr864842, fz521049,
	erg712052.


9. Disclaimer

	SCO is not responsible for the misuse of any of the
	information we provide on this website and/or through our
	security advisories. Our advisories are a service to our
	customers intended to promote secure installation and use of
	SCO products.


10. Acknowledgements

	Volker Schmidt and Philippe Troin discovered and researched
	these vulnerabilities.

______________________________________________________________________________
(82708) / <security@caldera.com>/---------(Reflowed)
Attachment (application/pgp-signature) in text 82709
82709 2002-10-29  21:28  /9 lines/  <security@caldera.com>
Attachment (text/plain) to text 82708
Subject: Attachment to: Security Update: [CSSA-2002-039.0] Linux: bzip2 file creation and symbolic link vulnerabilities
------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (SCO_SV)
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAj2+7QUACgkQbluZssSXDTFvXQCfZvrvl0Jt7RQmC8q4We3+n2ZU
HK4Anj+8tPs9mv+EXA0rTwgWhfMgjIdk
=un3d
-----END PGP SIGNATURE-----
(82709) / <security@caldera.com>/-------------------