-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

______________________________________________________________________________

                        SCO Security Advisory

Subject:                UnixWare 7.1.1 : Common Desktop Environment (CDE) dtlogin XDMCP parser improperly deallocates memory
Advisory number:        SCOSA-2004.4
Issue date:             2004 March 30
Cross reference:        CAN-2004-0368
                        CERT Vulnerability Note VU#179804
______________________________________________________________________________


1. Problem Description

        A "double-free" vulnerability in the CDE dtlogin program
        could allow a remote attacker to execute arbitrary code or
        cause a denial of service on a vulnerable system.

        The Common Desktop Environment (CDE) is an integrated
        graphical user interface that runs on UNIX and Linux
        operating systems. The dtlogin program contains a
        "double-free" vulnerability that can be triggered by a
        specially crafted X Display Manager Control Protocol (XDMCP)
        packet.

        The Common Vulnerabilities and Exposures project
        (cve.mitre.org) has assigned the name CAN-2004-0368 to this
        issue.


2. Vulnerable Supported Versions

        System                                  Status
        ----------------------------------------------------------------------
        UnixWare 7.1.1                          affected
        Open Unix 8.0.0 (UnixWare 7.1.2)        unaffected
        UnixWare 7.1.3                          unaffected

        UnixWare 7.1.3 and Open Unix 8.0.0 are not vulnerable as
        shipped but customers should check their
        /usr/dt/config/Xconfig to make sure that XDMCP requests are
        disabled.


3. Workaround for UnixWare 7.1.1

        The workaround is to disable listening for XDMCP requests
        from X-terminals or restrict XDMCP traffic.

        3.1 To disable XDMCP requests

        Edit /usr/dt/config/Xconfig. Change the line from

                #Dtlogin.requestPort:   0

        to

                Dtlogin.requestPort:    0

        3.2 Block XDMCP traffic (177/udp) from untrusted networks
        such as the Internet.

        Keep in mind that blocking ports at a network perimeter does
        not protect the vulnerable service from the internal network.
        In most cases, it is trivial for an attacker to spoof the
        source of a UDP packet, so restricting xdmcp access to
        specific IP addresses may be ineffective. Consider network
        configuration and service requirements before deciding what
        changes are appropriate.


4. References

        Specific references for this advisory:
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0368
                http://www.kb.cert.org/vuls/id/179804

        SCO security resources:
                http://www.sco.com/support/security/index.html

        SCO security advisories via email:
                http://www.sco.com/support/forums/security.html


5. Disclaimer

        SCO is not responsible for the misuse of any of the
        information we provide on this website and/or through our
        security advisories. Our advisories are a service to our
        customers intended to promote secure installation and use of
        SCO products.


6. Acknowledgments

        SCO would like to thank Dave Aitel

______________________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (SCO/UNIX_SVR5)

iD8DBQFAawEBaqoBO7ipriERAg/jAKCFroi83+720BADXyTVomjBHcdVbQCcDNNI
4fNU/ekZdohojgi0uiwnFGg=
=vowk
-----END PGP SIGNATURE-----
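
One way to run the Xconfig check that sections 2 and 3.1 ask for, as an added example that is not part of the SCO advisory. The function name `xdmcp_status`, the sample files, and the rules that `#`/`!` lines are comments and that the last active entry wins are assumptions of this example.

```shell
#!/bin/sh
# Added example (not SCO code): report whether an Xconfig file disables
# XDMCP listening. Prints one of:
#   disabled        an active "Dtlogin.requestPort: 0" entry is in effect
#   enabled:<port>  an active entry sets a non-zero port
#   unset           no active entry (the "#Dtlogin.requestPort: 0" state
#                   that section 3.1 tells you to change)
xdmcp_status() {
    # $1 = path to the Xconfig file to inspect
    awk '
        /^[ \t]*[#!]/ { next }                  # commented-out lines do not count
        /^[ \t]*Dtlogin[.*]requestPort[ \t]*:/ {
            val = $0
            sub(/^[^:]*:[ \t]*/, "", val)       # drop the "name:" prefix
            sub(/[ \t]+$/, "", val)             # drop trailing blanks
            seen = 1; port = val                # assumption: last active entry wins
        }
        END {
            if (!seen)            print "unset"
            else if (port == "0") print "disabled"
            else                  print "enabled:" port
        }
    ' "$1"
}

# Constructed sample files standing in for /usr/dt/config/Xconfig.
tmp=$(mktemp -d)
printf '%s\n' '# XDMCP listening' '#Dtlogin.requestPort:   0' > "$tmp/before"
printf '%s\n' '# XDMCP listening' 'Dtlogin.requestPort:    0' > "$tmp/after"
for f in before after; do
    printf '%s: %s\n' "$f" "$(xdmcp_status "$tmp/$f")"
done
rm -rf "$tmp"
```

On a real host, call `xdmcp_status /usr/dt/config/Xconfig`; any result other than `disabled` means the section 3.1 change is not in effect in that file.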