Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:11552
HistoryFeb 22, 2006 - 12:00 a.m.

[Full-disclosure] SCOSA-2006.9 UnixWare 7.1.3 UnixWare 7.1.4 : Setuid ptrace Local Privilege Escalation Vulnerability

2006-02-2200:00:00
vulners.com
6
JSON

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

                    SCO Security Advisory

Subject: UnixWare 7.1.3 UnixWare 7.1.4 : Setuid ptrace Local Privilege
Escalation Vulnerability
Advisory number: SCOSA-2006.9
Issue date: 2006 February 21
Cross reference: fz533176
CVE-2005-2934

  1. Problem Description

     A local user can exploit the ptrace() system call to gain
 root privileges.
 
 The Common Vulnerabilities and Exposures project
 (cve.mitre.org) has assigned the name CVE-2005-2934 to
 this issue.

  2. Vulnerable Supported Versions

     System                          Binaries
 ----------------------------------------------------------------------
 UnixWare 7.1.3  /etc/conf/pack.d/sum/Driver_atup.o /etc/conf/pack.d/sum/Driver_mp.o
 UnixWare 7.1.4  /etc/conf/pack.d/sum/Driver_atup.o /etc/conf/pack.d/sum/Driver_mp.o

  3. Solution

     The proper solution is to install the latest packages.

  4. UnixWare 7.1.3

     4.1 Location of Fixed Binaries

 ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.9


 4.2 Verification

 a31512eee4940c6ba048a1b1878ac4fc  p533176.713.image

 md5 is available for download from
         ftp://ftp.sco.com/pub/security/tools


 4.3 Installing Fixed Binaries

 Upgrade the affected binaries with the following sequence:

 Download p533176.713.image to the /var/spool/pkg directory

 # pkgadd -d /var/spool/pkg/p533176.713.image

  5. UnixWare 7.1.4

     5.1 Location of Fixed Binaries

 ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.9


 5.2 Verification

 1b8fa986357036a8be043b642cc47e56  p533176.714.image

 md5 is available for download from
         ftp://ftp.sco.com/pub/security/tools


 5.3 Installing Fixed Binaries

 Upgrade the affected binaries with the following sequence:

 Download p533176.714.image to the /var/spool/pkg directory

 # pkgadd -d /var/spool/pkg/p533176.714.image

  6. References

     Specific references for this advisory:
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2934

 SCO security resources:
         http://www.sco.com/support/security/index.html

 SCO security advisories via email
         http://www.sco.com/support/forums/security.html

 This security fix closes SCO incidents fz533176.

  7. Disclaimer

     SCO is not responsible for the misuse of any of the information
 we provide on this website and/or through our security
 advisories. Our advisories are a service to our customers intended
 to promote secure installation and use of SCO products.

  8. Acknowledgments

     SCO would like to thank iDEFENSE for reporting this vulnerability.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (UnixWare)

iD8DBQFD+8opaqoBO7ipriERAjDDAJsGF+jQxvdXGodCYyOizM4zWX6kBwCdFlWc
+wSF78NCwxKxa9xx7cU3KMg=
=YZgG
-----END PGP SIGNATURE-----

Related

securityvulns 1
cve 1
securityvulns
securityvulns
iDefense Security Advisory 02.24.06: SCO Unixware Setuid ptrace Local Privilege Escalation Vulnerability
2006-02-25 00:00:00
cve
cve
CVE-2005-2934
2005-12-31 05:00:00
JSON
Related for SECURITYVULNS:DOC:11552
securityvulns1cve1