Security: Buffer overflow in groff
Name: Buffer overflow in groff
ID: CSSA-2002-057.0
Distribution: Caldera
Platforms: Caldera Server 3.1, Caldera Workstation 3.1, Caldera Server 3.1.1, Caldera Workstation 3.1.1
Date: Sat, 7 December 2002, 12:00
References: Not specified
Applications: Groff

Original message

To: bugtraq@securityfocus.com announce@lists.caldera.com
security-alerts@linuxsecurity.com full-disclosure@lists.netsys.com


______________________________________________________________________________

SCO Security Advisory

Subject: Linux: groff pic buffer overflow
Advisory number: CSSA-2002-057.0
Issue date: 2002 December 06
Cross reference:
______________________________________________________________________________


1. Problem Description

groff pic(1) has a buffer overrun in argument handling. The
problem could be remotely exploited depending on the lpd(8) setup.


2. Vulnerable Supported Versions

System                          Package
----------------------------------------------------------------------

OpenLinux 3.1.1 Server          prior to groff-1.17.2-3.i386.rpm
                                prior to groff-dvi-1.17.2-3.i386.rpm
                                prior to groff-gxditview-1.17.2-3.i386.rpm
                                prior to groff-lj4-1.17.2-3.i386.rpm
                                prior to groff-misc-1.17.2-3.i386.rpm
                                prior to groff-ps-1.17.2-3.i386.rpm

OpenLinux 3.1.1 Workstation     prior to groff-1.17.2-3.i386.rpm
                                prior to groff-dvi-1.17.2-3.i386.rpm
                                prior to groff-gxditview-1.17.2-3.i386.rpm
                                prior to groff-lj4-1.17.2-3.i386.rpm
                                prior to groff-misc-1.17.2-3.i386.rpm
                                prior to groff-ps-1.17.2-3.i386.rpm

OpenLinux 3.1 Server            prior to groff-1.17.2-3.i386.rpm
                                prior to groff-dvi-1.17.2-3.i386.rpm
                                prior to groff-gxditview-1.17.2-3.i386.rpm
                                prior to groff-lj4-1.17.2-3.i386.rpm
                                prior to groff-misc-1.17.2-3.i386.rpm
                                prior to groff-ps-1.17.2-3.i386.rpm

OpenLinux 3.1 Workstation       prior to groff-1.17.2-3.i386.rpm
                                prior to groff-dvi-1.17.2-3.i386.rpm
                                prior to groff-gxditview-1.17.2-3.i386.rpm
                                prior to groff-lj4-1.17.2-3.i386.rpm
                                prior to groff-misc-1.17.2-3.i386.rpm
                                prior to groff-ps-1.17.2-3.i386.rpm


3. Solution

The proper solution is to install the latest packages. Many
customers find it easier to use the Caldera System Updater, called
cupdate (or kcupdate under the KDE environment), to update these
packages rather than downloading and installing them by hand.


4. OpenLinux 3.1.1 Server

4.1 Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2002-057.0/RPMS

4.2 Packages

97cde53f8a034e27c157787233fa7a82 groff-1.17.2-3.i386.rpm
1f4f7c5c7c9bfe5ba26d9d7c86ca2f1c groff-dvi-1.17.2-3.i386.rpm
41a8769b87457634e80f2d17e548c616 groff-gxditview-1.17.2-3.i386.rpm
02a850bb6b19a6a2e3d01b04bf78daa7 groff-lj4-1.17.2-3.i386.rpm
bfbbc855cdbe94f96b62e94ffdc5888f groff-misc-1.17.2-3.i386.rpm
3ab443231dbad7ade9bbd326994fdfcc groff-ps-1.17.2-3.i386.rpm

4.3 Installation

rpm -Fvh groff-1.17.2-3.i386.rpm
rpm -Fvh groff-dvi-1.17.2-3.i386.rpm
rpm -Fvh groff-gxditview-1.17.2-3.i386.rpm
rpm -Fvh groff-lj4-1.17.2-3.i386.rpm
rpm -Fvh groff-misc-1.17.2-3.i386.rpm
rpm -Fvh groff-ps-1.17.2-3.i386.rpm

4.4 Source Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2002-057.0/SRPMS

4.5 Source Packages

15053a07e89f2942bad9ad5b488c41fe groff-1.17.2-3.src.rpm


5. OpenLinux 3.1.1 Workstation

5.1 Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2002-057.0/RPMS

5.2 Packages

08e9e164e48ffd2c78615626d5ce3522 groff-1.17.2-3.i386.rpm
4460abd26d248c085e6c585aec7f9e21 groff-dvi-1.17.2-3.i386.rpm
760ae3d622edcad7b02b624ec476b40b groff-gxditview-1.17.2-3.i386.rpm
27b39c6715d3e48003f28bced286d4d7 groff-lj4-1.17.2-3.i386.rpm
8e9dd615b204e90442dd43dbeec451c4 groff-misc-1.17.2-3.i386.rpm
e190652ae7ca2114030c84695df9e8ed groff-ps-1.17.2-3.i386.rpm

5.3 Installation

rpm -Fvh groff-1.17.2-3.i386.rpm
rpm -Fvh groff-dvi-1.17.2-3.i386.rpm
rpm -Fvh groff-gxditview-1.17.2-3.i386.rpm
rpm -Fvh groff-lj4-1.17.2-3.i386.rpm
rpm -Fvh groff-misc-1.17.2-3.i386.rpm
rpm -Fvh groff-ps-1.17.2-3.i386.rpm

5.4 Source Package Location

SRPMS

5.5 Source Packages

4acd593c12f55c6c7795012f84f3623a groff-1.17.2-3.src.rpm


6. OpenLinux 3.1 Server

6.1 Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2002-057.0/RPMS

6.2 Packages

946532956ed956cf42b332700868e4bc groff-1.17.2-3.i386.rpm
d2bc6dd3aeeed36c90e14c0d46aa2b32 groff-dvi-1.17.2-3.i386.rpm
13f990458b949b7df79db98050d92559 groff-gxditview-1.17.2-3.i386.rpm
c18d911b5d99d426580d4218873a8d57 groff-lj4-1.17.2-3.i386.rpm
7a9aaa904516e2e0ffa5b01ea980b83f groff-misc-1.17.2-3.i386.rpm
ea9b3c243df36e9296ac83a65273de8e groff-ps-1.17.2-3.i386.rpm

6.3 Installation

rpm -Fvh groff-1.17.2-3.i386.rpm
rpm -Fvh groff-dvi-1.17.2-3.i386.rpm
rpm -Fvh groff-gxditview-1.17.2-3.i386.rpm
rpm -Fvh groff-lj4-1.17.2-3.i386.rpm
rpm -Fvh groff-misc-1.17.2-3.i386.rpm
rpm -Fvh groff-ps-1.17.2-3.i386.rpm

6.4 Source Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2002-057.0/SRPMS

6.5 Source Packages

6cf0963d7198051216a47f0e58bf5872 groff-1.17.2-3.src.rpm


7. OpenLinux 3.1 Workstation

7.1 Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2002-057.0/RPMS

7.2 Packages

8e140f667d10307b46e997a549cb9d48 groff-1.17.2-3.i386.rpm
4e0d4ce0a07867813444e3b11c78582a groff-dvi-1.17.2-3.i386.rpm
5f66f8e114051363176a8c76b7129c91 groff-gxditview-1.17.2-3.i386.rpm
3b095e1cb90d8bd9514240e14e6a60a9 groff-lj4-1.17.2-3.i386.rpm
a86a1ad1879fd5c16535fd556ee8c9c9 groff-misc-1.17.2-3.i386.rpm
f14fb8511b91801c3adadd1681e68d98 groff-ps-1.17.2-3.i386.rpm

7.3 Installation

rpm -Fvh groff-1.17.2-3.i386.rpm
rpm -Fvh groff-dvi-1.17.2-3.i386.rpm
rpm -Fvh groff-gxditview-1.17.2-3.i386.rpm
rpm -Fvh groff-lj4-1.17.2-3.i386.rpm
rpm -Fvh groff-misc-1.17.2-3.i386.rpm
rpm -Fvh groff-ps-1.17.2-3.i386.rpm

7.4 Source Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2002-057.0/SRPMS

7.5 Source Packages

d7697033c30c1c8027bdaf6fb2cc0e4a groff-1.17.2-3.src.rpm
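
Added example, not part of the SCO advisory: a way to check downloaded packages against one of the "Packages" lists above before running the rpm -Fvh commands from the matching "Installation" section. It assumes the list for your platform has been saved to a text file in the same "checksum filename" layout and that md5sum is available; verify_manifest is a hypothetical helper name.

```shell
#!/bin/sh
# Added example (not from the advisory). verify_manifest is a
# hypothetical helper name.
#
# verify_manifest DIR MANIFEST
#   MANIFEST holds lines of the form "<32 hex digits> <filename>",
#   the layout of the advisory's package lists.
#   Returns 0 only if every listed file exists in DIR and its MD5
#   digest matches. Problems are reported on stderr.
verify_manifest() {
    dir=$1 manifest=$2 bad=0 seen=0
    while read -r want name; do
        # Skip blank lines and anything that is not a 32-digit hex value.
        case $want in
            ''|*[!0-9a-fA-F]*) continue ;;
        esac
        [ "${#want}" -eq 32 ] || continue
        [ -n "$name" ] || continue
        seen=$((seen + 1))
        # Refuse path components so a list entry cannot leave DIR.
        case $name in
            */*) echo "rejected name: $name" >&2; bad=1; continue ;;
        esac
        if [ ! -f "$dir/$name" ]; then
            echo "missing: $name" >&2; bad=1; continue
        fi
        got=$(md5sum < "$dir/$name" | cut -d' ' -f1)
        want=$(printf '%s' "$want" | tr 'A-F' 'a-f')
        if [ "$got" != "$want" ]; then
            echo "MISMATCH: $name" >&2; bad=1
        fi
    done < "$manifest"
    # An empty or unparsable list must not count as success.
    [ "$seen" -gt 0 ] && [ "$bad" -eq 0 ]
}

# Usage: sh verify.sh ./RPMS packages.txt
if [ "$#" -eq 2 ]; then
    if verify_manifest "$1" "$2"; then
        echo "all listed packages match; continue with rpm -Fvh"
    else
        echo "verification failed; do not install" >&2
        exit 1
    fi
fi
```

A match shows only that the files are the ones the list describes, so the result is as trustworthy as the copy of the advisory the list was taken from.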


8. References

Specific references for this advisory:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0003
http://online.securityfocus.com/bid/3103

SCO security resources:

http://www.sco.com/support/security/index.html

This security fix closes SCO incidents sr870253, fz526301,
erg712142.


9. Disclaimer

SCO is not responsible for the misuse of any of the information
we provide on this website and/or through our security
advisories. Our advisories are a service to our customers intended
to promote secure installation and use of SCO products.


10. Acknowledgements

zen-parse discovered and investigated this vulnerability.

______________________________________________________________________________
