=====================================================================
                                    CERT-Renater

                         Note d'Information No. 2006/VULN122
_____________________________________________________________________

DATE                      : 30/03/2006

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : UnixWare 7.1.4 running libcurl.

======================================================================

______________________________________________________________________________

			SCO Security Advisory

Subject:		UnixWare 7.1.4 : libcurl URL Parsing Vulnerability
Advisory number: 	SCOSA-2006.16
Issue date: 		2006 March 28
Cross reference:	fz533390
			CVE-2005-4077
______________________________________________________________________________


1. Problem Description

	This vulnerability is caused due to an off-by-one error
	when parsing a URL that is longer than 256 bytes. By using
	a specially crafted URL, a two-byte overflow is reportedly
	possible. This may be exploited to corrupt memory allocation
	structures. The vulnerability is reportedly exploitable
	only via a direct request to cURL and not via a redirect.
	The vulnerability has been reported in version 7.15.0 and
	prior.
	
	The Common Vulnerabilities and Exposures project
	(cve.mitre.org) has assigned the name CVE-2005-4077 to
	this issue.


2. Vulnerable Supported Versions

	System				Binaries
	----------------------------------------------------------------------
	UnixWare 7.1.4 			The curl package


3. Solution

	The proper solution is to install the latest packages.


4. UnixWare 7.1.4

	4.1 Location of Fixed Binaries

	ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.16


	4.2 Verification

	MD5 (curl-7.15.1.pkg) = 62f7076f2d1096e131dd0e9780ee15fd

	md5 is available for download from
		ftp://ftp.sco.com/pub/security/tools


	4.3 Installing Fixed Binaries

	Upgrade the affected binaries with the following sequence:

	Download curl-7.15.1.pkg to the /var/spool/pkg directory

	# pkgadd -d /var/spool/pkg/curl-7.15.1.pkg


5. References

	Specific references for this advisory:
		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4077
		http://www.hardened-php.net/advisory_242005.109.html
		http://secunia.com/advisories/17907/

	SCO security resources:
		http://www.sco.com/support/security/index.html

	SCO security advisories via email
		http://www.sco.com/support/forums/security.html

	This security fix closes SCO incidents fz533390.


6. Disclaimer

	SCO is not responsible for the misuse of any of the information
	we provide on this website and/or through our security
	advisories. Our advisories are a service to our customers intended
	to promote secure installation and use of SCO products.


7. Acknowledgments

	Provided and/or discovered by: Stefan Esser, Hardened PHP Project.

______________________________________________________________________________

======================================================================

           =========================================================
           Les serveurs de référence du CERT-Renater
           http://www.urec.fr/securite
           http://www.cru.fr/securite
           http://www.renater.fr
           =========================================================
           + CERT-RENATER          | tel : 01-53-94-20-44          +
           + 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
           + 75013 Paris           | email: certsvp@renater.fr     +
           =========================================================