Security Update: [CSSA-2002-057.0] Linux: groff pic buffer overflow

From: securityat_private
Date: Fri Dec 06 2002 - 16:30:34 PST

Next message: euronymous: "XSS and Path Disclosure in UPB"

Previous message: securityat_private: "[Full-Disclosure] Security Update: [CSSA-2002-057.0] Linux: groff pic buffer overflow"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

To: bugtraqat_private announceat_private security-alertsat_private full-disclosureat_private


______________________________________________________________________________

			SCO Security Advisory

Subject:		Linux: groff pic buffer overflow
Advisory number: 	CSSA-2002-057.0
Issue date: 		2002 December 06
Cross reference:
______________________________________________________________________________


1. Problem Description

	groff pic(1) has a buffer overrun in argument handling. The
	problem could be remotely exploited depending on the lpd(8) setup.


2. Vulnerable Supported Versions

	System				Package
	----------------------------------------------------------------------

	OpenLinux 3.1.1 Server		prior to groff-1.17.2-3.i386.rpm
					prior to groff-dvi-1.17.2-3.i386.rpm
					prior to groff-gxditview-1.17.2-3.i386.rpm
					prior to groff-lj4-1.17.2-3.i386.rpm
					prior to groff-misc-1.17.2-3.i386.rpm
					prior to groff-ps-1.17.2-3.i386.rpm

	OpenLinux 3.1.1 Workstation	prior to groff-1.17.2-3.i386.rpm
					prior to groff-dvi-1.17.2-3.i386.rpm
					prior to groff-gxditview-1.17.2-3.i386.rpm
					prior to groff-lj4-1.17.2-3.i386.rpm
					prior to groff-misc-1.17.2-3.i386.rpm
					prior to groff-ps-1.17.2-3.i386.rpm

	OpenLinux 3.1 Server		prior to groff-1.17.2-3.i386.rpm
					prior to groff-dvi-1.17.2-3.i386.rpm
					prior to groff-gxditview-1.17.2-3.i386.rpm
					prior to groff-lj4-1.17.2-3.i386.rpm
					prior to groff-misc-1.17.2-3.i386.rpm
					prior to groff-ps-1.17.2-3.i386.rpm

	OpenLinux 3.1 Workstation	prior to groff-1.17.2-3.i386.rpm
					prior to groff-dvi-1.17.2-3.i386.rpm
					prior to groff-gxditview-1.17.2-3.i386.rpm
					prior to groff-lj4-1.17.2-3.i386.rpm
					prior to groff-misc-1.17.2-3.i386.rpm
					prior to groff-ps-1.17.2-3.i386.rpm


3. Solution

	The proper solution is to install the latest packages. Many
	customers find it easier to use the Caldera System Updater, called
	cupdate (or kcupdate under the KDE environment), to update these
	packages rather than downloading and installing them by hand.


4. OpenLinux 3.1.1 Server

	4.1 Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2002-057.0/RPMS

	4.2 Packages

	97cde53f8a034e27c157787233fa7a82	groff-1.17.2-3.i386.rpm
	1f4f7c5c7c9bfe5ba26d9d7c86ca2f1c	groff-dvi-1.17.2-3.i386.rpm
	41a8769b87457634e80f2d17e548c616	groff-gxditview-1.17.2-3.i386.rpm
	02a850bb6b19a6a2e3d01b04bf78daa7	groff-lj4-1.17.2-3.i386.rpm
	bfbbc855cdbe94f96b62e94ffdc5888f	groff-misc-1.17.2-3.i386.rpm
	3ab443231dbad7ade9bbd326994fdfcc	groff-ps-1.17.2-3.i386.rpm

	4.3 Installation

	rpm -Fvh groff-1.17.2-3.i386.rpm
	rpm -Fvh groff-dvi-1.17.2-3.i386.rpm
	rpm -Fvh groff-gxditview-1.17.2-3.i386.rpm
	rpm -Fvh groff-lj4-1.17.2-3.i386.rpm
	rpm -Fvh groff-misc-1.17.2-3.i386.rpm
	rpm -Fvh groff-ps-1.17.2-3.i386.rpm

	4.4 Source Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2002-057.0/SRPMS

	4.5 Source Packages

	15053a07e89f2942bad9ad5b488c41fe	groff-1.17.2-3.src.rpm


5. OpenLinux 3.1.1 Workstation

	5.1 Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2002-057.0/RPMS

	5.2 Packages

	08e9e164e48ffd2c78615626d5ce3522	groff-1.17.2-3.i386.rpm
	4460abd26d248c085e6c585aec7f9e21	groff-dvi-1.17.2-3.i386.rpm
	760ae3d622edcad7b02b624ec476b40b	groff-gxditview-1.17.2-3.i386.rpm
	27b39c6715d3e48003f28bced286d4d7	groff-lj4-1.17.2-3.i386.rpm
	8e9dd615b204e90442dd43dbeec451c4	groff-misc-1.17.2-3.i386.rpm
	e190652ae7ca2114030c84695df9e8ed	groff-ps-1.17.2-3.i386.rpm

	5.3 Installation

	rpm -Fvh groff-1.17.2-3.i386.rpm
	rpm -Fvh groff-dvi-1.17.2-3.i386.rpm
	rpm -Fvh groff-gxditview-1.17.2-3.i386.rpm
	rpm -Fvh groff-lj4-1.17.2-3.i386.rpm
	rpm -Fvh groff-misc-1.17.2-3.i386.rpm
	rpm -Fvh groff-ps-1.17.2-3.i386.rpm

	5.4 Source Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2002-057.0/SRPMS

	5.5 Source Packages

	4acd593c12f55c6c7795012f84f3623a	groff-1.17.2-3.src.rpm


6. OpenLinux 3.1 Server

	6.1 Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2002-057.0/RPMS

	6.2 Packages

	946532956ed956cf42b332700868e4bc	groff-1.17.2-3.i386.rpm
	d2bc6dd3aeeed36c90e14c0d46aa2b32	groff-dvi-1.17.2-3.i386.rpm
	13f990458b949b7df79db98050d92559	groff-gxditview-1.17.2-3.i386.rpm
	c18d911b5d99d426580d4218873a8d57	groff-lj4-1.17.2-3.i386.rpm
	7a9aaa904516e2e0ffa5b01ea980b83f	groff-misc-1.17.2-3.i386.rpm
	ea9b3c243df36e9296ac83a65273de8e	groff-ps-1.17.2-3.i386.rpm

	6.3 Installation

	rpm -Fvh groff-1.17.2-3.i386.rpm
	rpm -Fvh groff-dvi-1.17.2-3.i386.rpm
	rpm -Fvh groff-gxditview-1.17.2-3.i386.rpm
	rpm -Fvh groff-lj4-1.17.2-3.i386.rpm
	rpm -Fvh groff-misc-1.17.2-3.i386.rpm
	rpm -Fvh groff-ps-1.17.2-3.i386.rpm

	6.4 Source Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2002-057.0/SRPMS

	6.5 Source Packages

	6cf0963d7198051216a47f0e58bf5872	groff-1.17.2-3.src.rpm


7. OpenLinux 3.1 Workstation

	7.1 Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2002-057.0/RPMS

	7.2 Packages

	8e140f667d10307b46e997a549cb9d48	groff-1.17.2-3.i386.rpm
	4e0d4ce0a07867813444e3b11c78582a	groff-dvi-1.17.2-3.i386.rpm
	5f66f8e114051363176a8c76b7129c91	groff-gxditview-1.17.2-3.i386.rpm
	3b095e1cb90d8bd9514240e14e6a60a9	groff-lj4-1.17.2-3.i386.rpm
	a86a1ad1879fd5c16535fd556ee8c9c9	groff-misc-1.17.2-3.i386.rpm
	f14fb8511b91801c3adadd1681e68d98	groff-ps-1.17.2-3.i386.rpm

	7.3 Installation

	rpm -Fvh groff-1.17.2-3.i386.rpm
	rpm -Fvh groff-dvi-1.17.2-3.i386.rpm
	rpm -Fvh groff-gxditview-1.17.2-3.i386.rpm
	rpm -Fvh groff-lj4-1.17.2-3.i386.rpm
	rpm -Fvh groff-misc-1.17.2-3.i386.rpm
	rpm -Fvh groff-ps-1.17.2-3.i386.rpm

	7.4 Source Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2002-057.0/SRPMS

	7.5 Source Packages

	d7697033c30c1c8027bdaf6fb2cc0e4a	groff-1.17.2-3.src.rpm


8. References

	Specific references for this advisory:

		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0003
		http://online.securityfocus.com/bid/3103

	SCO security resources:

		http://www.sco.com/support/security/index.html

	This security fix closes SCO incidents sr870253, fz526301,
	erg712142.


9. Disclaimer

	SCO is not responsible for the misuse of any of the information
	we provide on this website and/or through our security
	advisories. Our advisories are a service to our customers intended
	to promote secure installation and use of SCO products.


10. Acknowledgements

	zen-parse discovered and investigated this vulnerability.

______________________________________________________________________________

application/pgp-signature attachment: stored

Next message: euronymous: "XSS and Path Disclosure in UPB"
Previous message: securityat_private: "[Full-Disclosure] Security Update: [CSSA-2002-057.0] Linux: groff pic buffer overflow"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Sat Dec 07 2002 - 12:46:40 PST