From security@sco.com Thu Mar 16 18:27:21 2006
From: SCO Security Advisories <security@sco.com>
To: security-announce@list.sco.com
Date: Thu, 16 Mar 2006 12:56:32 -0800
Subject: [Full-disclosure] SCOSA-2006.13 OpenServer 6.0.0 : Vim ModeLines Further Variant Arbitrary Command Execution Vulnerability


-- 
Dr. Ronald Joe Record
Chief Security Officer
SCO
rr@sco.com


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

______________________________________________________________________________

			SCO Security Advisory

Subject:		OpenServer 6.0.0 : Vim ModeLines Further Variant Arbitrary Command Execution Vulnerability
Advisory number: 	SCOSA-2006.13
Issue date: 		2006 March 16
Cross reference:	fz533037
			CVE-2005-2368 
______________________________________________________________________________


1. Problem Description

	Vim is susceptible to an arbitrary command execution
	vulnerability with ModeLines. This issue is due to insufficient
	sanitization of user-supplied input.
	
	By modifying a text file to include ModeLines that call the
	'glob()' or 'expand()' functions with shell metacharacters,
	attackers may cause arbitrary commands to be executed.
	
	This vulnerability allows an attacker to execute arbitrary
	commands with the privileges of the vim user. This gives
	an attacker the ability to gain remote access to computers
	running the vulnerable software.
	
	The Common Vulnerabilities and Exposures project
	(cve.mitre.org) has assigned the name CVE-2005-2368 to
	this issue.
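
The following scanner is an added example, not part of the SCO advisory and not code from SCO or the Vim project. It flags files whose modelines call the two functions named above, looking only at the first and last 5 lines, where Vim's default 'modelines' setting reads them. The sample inputs are constructed, and OPTION and PLACEHOLDER are stand-ins rather than real Vim settings.

```python
import re
import sys

# Vim only parses modelines in the first and last 'modelines' lines (default 5).
WINDOW = 5
# Approximation of Vim's modeline markers: vi:, vim:, vim<NNN: / vim=NNN: / vim>NNN:, ex:
MODELINE = re.compile(r"(?:^|\s)(?:vi|vim(?:[<>=]?\d+)?|ex):(.*)$")
# The two functions the advisory names.
RISKY_CALL = re.compile(r"\b(glob|expand)\s*\(")


def scan_text(text, window=WINDOW):
    """Return [(line_number, [function names])] for modelines calling glob()/expand()."""
    lines = text.splitlines()
    n = len(lines)
    # Indices of the lines Vim would actually inspect for modelines.
    in_window = sorted(set(range(min(window, n))) | set(range(max(0, n - window), n)))
    findings = []
    for i in in_window:
        m = MODELINE.search(lines[i])
        if m:
            calls = sorted(set(RISKY_CALL.findall(m.group(1))))
            if calls:
                findings.append((i + 1, calls))
    return findings


# Constructed samples; OPTION and PLACEHOLDER are stand-ins, not real Vim settings.
BENIGN = "#!/bin/sh\n# vim: set ts=4 sw=4 et:\necho hello\n"
# Modeline on the last line of a 12-line file: inside the window, so it is reported.
FLAGGED = "\n".join(["notes"] + ["body %d" % i for i in range(10)]
                    + ['/* vim: set OPTION=glob("PLACEHOLDER"): */'])
# Same pattern on line 10 of a 20-line file: outside the default window, so not reported.
IGNORED = "\n".join(["body %d" % i for i in range(9)]
                    + ['# vim: set OPTION=expand("PLACEHOLDER"):']
                    + ["body %d" % i for i in range(10)])

if __name__ == "__main__":
    # Usage: python scan_modelines.py FILE...
    for path in sys.argv[1:]:
        with open(path, errors="replace") as fh:
            for lineno, calls in scan_text(fh.read()):
                print("%s:%d: modeline calls %s" % (path, lineno, ", ".join(calls)))
```

Pass a larger window to scan_text() when checking files for hosts where 'modelines' has been raised above its default.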


2. Vulnerable Supported Versions

	System				Binaries
	----------------------------------------------------------------------
	OpenServer 6.0.0 		vim package


3. Solution

	The proper solution is to install the latest packages.


4. OpenServer 6.0.0

	4.1 Location of Fixed Binaries

	ftp://ftp.sco.com/pub/openserver6/600/mp/osr600mp2/osr600mp2.iso


	4.2 Verification

	MD5 (osr600mp2.iso) = 7e560dcde374eb60df2b4a599ac20d8a

	md5 is available for download from
		ftp://ftp.sco.com/pub/security/tools


	4.3 Installing Fixed Binaries

	See the SCO OpenServer Release 6.0.0 Maintenance Pack 2 Release
	and Installation Notes:

	ftp://ftp.sco.com/pub/openserver6/600/mp/osr600mp2/osr600mp2.html


5. References

	Specific references for this advisory:
		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2368
		http://www.securityfocus.com/bid/14374

	SCO security resources:
		http://www.sco.com/support/security/index.html

	SCO security advisories via email:
		http://www.sco.com/support/forums/security.html

	This security fix closes SCO incident fz533037.


6. Disclaimer

	SCO is not responsible for the misuse of any of the information
	we provide on this website and/or through our security
	advisories. Our advisories are a service to our customers intended
	to promote secure installation and use of SCO products.


7. Acknowledgments

	Discovery of this issue is credited to Georgi Guninski.
	http://www.guninski.com/


______________________________________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (SCO_SV)

iD8DBQFEGbnoaqoBO7ipriERAs1SAJ9Xqgfah0YmwSGNsOF8noRa9DOIRACfWU4d
mu7UzRh6yVSqBY1qDXfge9Y=
=jHsA
-----END PGP SIGNATURE-----
