Date: Tue, 25 Mar 2003 13:19:53 -0800
From: security@sco.com
To: bugtraq@securityfocus.com, announce@lists.caldera.com,
Subject: Security Update: [CSSA-2003-015.0] Linux: apcupsd remote root vulnerability and buffer overflows
--J2SCkAp4GZ/dPZZf
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
To: bugtraq@securityfocus.com announce@lists.caldera.com security-alerts@linuxsecurity.com
______________________________________________________________________________
SCO Security Advisory
Subject: Linux: apcupsd remote root vulnerability and buffer overflows
Advisory number: CSSA-2003-015.0
Issue date: 2003 March 25
Cross reference:
______________________________________________________________________________
1. Problem Description
From the CVE candidate desciptions:
A vulnerability in apcupsd allows remote attackers to gain
root privileges, possibly via format strings in a request to a
slave server.
Multiple buffer overflows in apcupsd may allow attackers to
cause a denial of service or execute arbitrary code, related
to usage of the vsprintf function.
2. Vulnerable Supported Versions
System Package
----------------------------------------------------------------------
OpenLinux 3.1.1 Server prior to apcupsd-3.8.6-1.i386.rpm
prior to apcupsd-cgi-3.8.6-1.i386.rpm
prior to apcupsd-powerflute-3.8.6-1.i386.rpm
OpenLinux 3.1 Server prior to apcupsd-3.8.6-1.i386.rpm
prior to apcupsd-cgi-3.8.6-1.i386.rpm
prior to apcupsd-powerflute-3.8.6-1.i386.rpm
3. Solution
The proper solution is to install the latest packages. Many
customers find it easier to use the Caldera System Updater, called
cupdate (or kcupdate under the KDE environment), to update these
packages rather than downloading and installing them by hand.
4. OpenLinux 3.1.1 Server
4.1 Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-015.0/RPMS
4.2 Packages
a2c0d41800f62383c65f77858f0c3898 apcupsd-3.8.6-1.i386.rpm
13800369e6a5712eb02f00514e05eaf0 apcupsd-cgi-3.8.6-1.i386.rpm
c6744b9f001474a9bb1dd9f59d3edbcd apcupsd-powerflute-3.8.6-1.i386.rpm
4.3 Installation
rpm -Fvh apcupsd-3.8.6-1.i386.rpm
rpm -Fvh apcupsd-cgi-3.8.6-1.i386.rpm
rpm -Fvh apcupsd-powerflute-3.8.6-1.i386.rpm
4.4 Source Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-015.0/SRPMS
4.5 Source Packages
2efb5f90e0c02ffc08340308d29bc1bf apcupsd-3.8.6-1.src.rpm
5. OpenLinux 3.1 Server
5.1 Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2003-015.0/RPMS
5.2 Packages
2c04bd609f4b1949c56556719928ff50 apcupsd-3.8.6-1.i386.rpm
048ad400cb7c9a80ba16798ecde20c4a apcupsd-cgi-3.8.6-1.i386.rpm
d8de392566a69a95f5e230af51918839 apcupsd-powerflute-3.8.6-1.i386.rpm
5.3 Installation
rpm -Fvh apcupsd-3.8.6-1.i386.rpm
rpm -Fvh apcupsd-cgi-3.8.6-1.i386.rpm
rpm -Fvh apcupsd-powerflute-3.8.6-1.i386.rpm
5.4 Source Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2003-015.0/SRPMS
5.5 Source Packages
1d6fcff1a24702cc60ec0779a6512e0a apcupsd-3.8.6-1.src.rpm
6. References
Specific references for this advisory:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0098http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0099
SCO security resources:
http://www.sco.com/support/security/index.html
This security fix closes SCO incidents sr876044, fz527560,
erg712268.
7. Disclaimer
SCO is not responsible for the misuse of any of the information
we provide on this website and/or through our security
advisories. Our advisories are a service to our customers intended
to promote secure installation and use of SCO products.
8. Acknowledgements
Highspeed Junkie (http://hsj.shadowpenguin.org/) discovered
and researched the slave server vulnerability.
______________________________________________________________________________
--J2SCkAp4GZ/dPZZf
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (SCO_SV)
Comment: For info see http://www.gnupg.org
iEYEARECAAYFAj6Ax/kACgkQbluZssSXDTFDggCgyVG5mjlwhtZCSjyOzwaPvfwa
XpUAoKbWacgyIbJuiHIYIp5oNub98eGx
=DrH4
-----END PGP SIGNATURE-----
--J2SCkAp4GZ/dPZZf--
