===================================================================== CERT-Renater Note d'Information No. 2006/VULN122 _____________________________________________________________________ DATE : 30/03/2006 HARDWARE PLATFORM(S) : / OPERATING SYSTEM(S) : UnixWare 7.1.4 running libcurl. ====================================================================== ______________________________________________________________________________ SCO Security Advisory Subject: UnixWare 7.1.4 : libcurl URL Parsing Vulnerability Advisory number: SCOSA-2006.16 Issue date: 2006 March 28 Cross reference: fz533390 CVE-2005-4077 ______________________________________________________________________________ 1. Problem Description This vulnerability is caused due to an off-by-one error when parsing a URL that is longer than 256 bytes. By using a specially crafted URL, a two-byte overflow is reportedly possible. This may be exploited to corrupt memory allocation structures. The vulnerability is reportedly exploitable only via a direct request to cURL and not via a redirect. The vulnerability has been reported in version 7.15.0 and prior. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-4077 to this issue. 2. Vulnerable Supported Versions System Binaries ---------------------------------------------------------------------- UnixWare 7.1.4 The curl package 3. Solution The proper solution is to install the latest packages. 4. UnixWare 7.1.4 4.1 Location of Fixed Binaries ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.16 4.2 Verification MD5 (curl-7.15.1.pkg) = 62f7076f2d1096e131dd0e9780ee15fd md5 is available for download from ftp://ftp.sco.com/pub/security/tools 4.3 Installing Fixed Binaries Upgrade the affected binaries with the following sequence: Download curl-7.15.1.pkg to the /var/spool/pkg directory # pkgadd -d /var/spool/pkg/curl-7.15.1.pkg 5. References Specific references for this advisory: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4077 http://www.hardened-php.net/advisory_242005.109.html http://secunia.com/advisories/17907/ SCO security resources: http://www.sco.com/support/security/index.html SCO security advisories via email http://www.sco.com/support/forums/security.html This security fix closes SCO incidents fz533390. 6. Disclaimer SCO is not responsible for the misuse of any of the information we provide on this website and/or through our security advisories. Our advisories are a service to our customers intended to promote secure installation and use of SCO products. 7. Acknowledgments Provided and/or discovered by: Stefan Esser, Hardened PHP Project. ______________________________________________________________________________ ====================================================================== ========================================================= Les serveurs de référence du CERT-Renater http://www.urec.fr/securite http://www.cru.fr/securite http://www.renater.fr ========================================================= + CERT-RENATER | tel : 01-53-94-20-44 + + 151 bd de l'Hopital | fax : 01-53-94-20-41 + + 75013 Paris | email: certsvp@renater.fr + =========================================================