====================================================================== Strategic Reconnisiance Team Security Advisory(SRT2001-03) Topic: SCO 5.0.6 MMDF issues (deliver) Vendor: SCO Release Date: 03/27/01 ====================================================================== .: Description SCO OpenServer 5.0.6 ships with a previously known buggy MMDF package. SCO Security Bulletin 2000.06 states "Recently Network Associates, Inc. issued a SECURITY ADVISORY against all versions of MMDF prior to the beta release 2.44a-B4" however SCO still released OpenServer 5.0.6 with version 2.43.3b of MMDF. deliver has poor processing of command line arguments resulting in a buffer overflow /opt/K/SCO/MMDF/2.43.3b/usr/mmdf/bin/deliver will core dump if fed more than 4085 chars. .: Impact /opt/K/SCO/MMDF/2.43.3b/usr/mmdf/bin/deliver `perl -e 'print "A" x 5000'` Memory fault - core dumped This problem makes it possible to overwrite memory space of the running process, and potentially execute code with the inherited privileges of root. .: Workaround chmod -s /opt/K/SCO/MMDF/2.43.3b/usr/mmdf/bin/deliver .: Systems Affected SCO OpenServer 5.0.6 upgrade from 5.0.x and 5.0.6 fresh install. .: Proof of Concept To be released at a later time. .: Vendor Status Vendor was notified on 03/22/01. Vendor lab tests confirmed the issue. Patch status is unknown. .: Credit Kevin Finisterre [EMAIL PROTECTED], [EMAIL PROTECTED] ====================================================================== ©Copyright 2001 Secure Network Operations , Inc. All Rights Reserved. Strategic Reconnisiance Team | [EMAIL PROTECTED] http://recon.snosoft.com | http://www.snosoft.com ----------------------------------------------------------------------
