Security Update: [CSSA-2003-015.0] Linux: apcupsd remote root vulnerability and buffer overflows

From: securityat_private
Date: Tue Mar 25 2003 - 13:19:53 PST


    To: bugtraqat_private announceat_private security-alertsat_private
    
    
    ______________________________________________________________________________
    
    			SCO Security Advisory
    
    Subject:		Linux: apcupsd remote root vulnerability and buffer overflows
    Advisory number: 	CSSA-2003-015.0
    Issue date: 		2003 March 25
    Cross reference:
    ______________________________________________________________________________
    
    
    1. Problem Description
    
    	From the CVE candidate descriptions:
    
    	A vulnerability in apcupsd allows remote attackers to gain
    	root privileges, possibly via format strings in a request to a
    	slave server.
    
    	Multiple buffer overflows in apcupsd may allow attackers to
    	cause a denial of service or execute arbitrary code, related
    	to usage of the vsprintf function.
    
    
    2. Vulnerable Supported Versions
    
    	System				Package
    	----------------------------------------------------------------------
    
    	OpenLinux 3.1.1 Server		prior to apcupsd-3.8.6-1.i386.rpm
    					prior to apcupsd-cgi-3.8.6-1.i386.rpm
    					prior to apcupsd-powerflute-3.8.6-1.i386.rpm
    
    	OpenLinux 3.1 Server		prior to apcupsd-3.8.6-1.i386.rpm
    					prior to apcupsd-cgi-3.8.6-1.i386.rpm
    					prior to apcupsd-powerflute-3.8.6-1.i386.rpm
    
    
    3. Solution
    
    	The proper solution is to install the latest packages. Many
    	customers find it easier to use the Caldera System Updater, called
    	cupdate (or kcupdate under the KDE environment), to update these
    	packages rather than downloading and installing them by hand.
    
    
    4. OpenLinux 3.1.1 Server
    
    	4.1 Package Location
    
    	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-015.0/RPMS
    
    	4.2 Packages
    
    	a2c0d41800f62383c65f77858f0c3898	apcupsd-3.8.6-1.i386.rpm
    	13800369e6a5712eb02f00514e05eaf0	apcupsd-cgi-3.8.6-1.i386.rpm
    	c6744b9f001474a9bb1dd9f59d3edbcd	apcupsd-powerflute-3.8.6-1.i386.rpm
    
    	4.3 Installation
    
    	rpm -Fvh apcupsd-3.8.6-1.i386.rpm
    	rpm -Fvh apcupsd-cgi-3.8.6-1.i386.rpm
    	rpm -Fvh apcupsd-powerflute-3.8.6-1.i386.rpm
    
    	4.4 Source Package Location
    
    	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-015.0/SRPMS
    
    	4.5 Source Packages
    
    	2efb5f90e0c02ffc08340308d29bc1bf	apcupsd-3.8.6-1.src.rpm
    
    
    5. OpenLinux 3.1 Server
    
    	5.1 Package Location
    
    	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2003-015.0/RPMS
    
    	5.2 Packages
    
    	2c04bd609f4b1949c56556719928ff50	apcupsd-3.8.6-1.i386.rpm
    	048ad400cb7c9a80ba16798ecde20c4a	apcupsd-cgi-3.8.6-1.i386.rpm
    	d8de392566a69a95f5e230af51918839	apcupsd-powerflute-3.8.6-1.i386.rpm
    
    	5.3 Installation
    
    	rpm -Fvh apcupsd-3.8.6-1.i386.rpm
    	rpm -Fvh apcupsd-cgi-3.8.6-1.i386.rpm
    	rpm -Fvh apcupsd-powerflute-3.8.6-1.i386.rpm
    
    	5.4 Source Package Location
    
    	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2003-015.0/SRPMS
    
    	5.5 Source Packages
    
    	1d6fcff1a24702cc60ec0779a6512e0a	apcupsd-3.8.6-1.src.rpm
    
    
    6. References
    
    	Specific references for this advisory:
    
    		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0098
    		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0099
    
    	SCO security resources:
    
    		http://www.sco.com/support/security/index.html
    
    	This security fix closes SCO incidents sr876044, fz527560,
    	erg712268.
    
    
    7. Disclaimer
    
    	SCO is not responsible for the misuse of any of the information
    	we provide on this website and/or through our security
    	advisories. Our advisories are a service to our customers intended
    	to promote secure installation and use of SCO products.
    
    
    8. Acknowledgements
    
    	Highspeed Junkie (http://hsj.shadowpenguin.org/) discovered
    	and researched the slave server vulnerability.
    
    ______________________________________________________________________________
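
The two flaw classes named in section 1 (format strings, and overflows through vsprintf), shown as an added C example that is not taken from the advisory or from apcupsd's source. The function names, the buffer size and the sample inputs are assumptions constructed for illustration.

```c
/* Added illustration: hypothetical logging helpers, not apcupsd code. */
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define LOG_BUF 64  /* assumed fixed buffer size */

/* Unsafe pattern, shown for contrast and never called: vsprintf has no
 * length limit, so expanded output longer than the buffer overruns it. */
int log_event_unsafe(char *out, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsprintf(out, fmt, ap);
    va_end(ap);
    return n;
}

/* Bounded form: vsnprintf writes at most outsz bytes (NUL included) and
 * returns the length it needed. Returns 0 = ok, 1 = truncated, -1 = error. */
int log_event_safe(char *out, size_t outsz, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(out, outsz, fmt, ap);
    va_end(ap);
    if (n < 0) return -1;
    return (size_t)n >= outsz ? 1 : 0;
}

/* Peer-supplied text is passed as an argument to a constant "%s" format,
 * never as the format itself, so directives in it are copied literally. */
int log_peer_message(char *out, size_t outsz, const char *peer_text)
{
    return log_event_safe(out, outsz, "peer: %s", peer_text);
}

int main(void)
{
    char buf[LOG_BUF], longmsg[200];
    memset(longmsg, 'A', sizeof longmsg - 1);
    longmsg[sizeof longmsg - 1] = '\0';
    /* Constructed inputs: one with format directives, one oversized. */
    int r = log_peer_message(buf, sizeof buf, "%x%x%n");
    printf("%d %s\n", r, buf);
    r = log_peer_message(buf, sizeof buf, longmsg);
    printf("%d len=%zu\n", r, strlen(buf));
    return 0;
}
```

Compiling with -Wformat -Wformat-security (GCC or Clang) flags call sites where a non-literal string is passed as the format argument.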
    
    
    


