The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of Open Motif: buffer overflows in libUil

Synthesis of the vulnerability 

An attacker can trigger two buffer overflows in the libUil library of Open Motif.
Impacted systems: Fedora, RHEL, Unix (platform); this list is not comprehensive.
Severity of this alert: 2/4.
Creation date: 02/12/2005.
References of this alert: 20060404-01-U, BID-15678, BID-15684, BID-15686, CVE-2005-3964, FEDORA-2006-854, RHSA-2006:027, RHSA-2006:0272-01, RHSA-2008:0261-01, RHSA-2008:0524-01, VIGILANCE-VUL-5393, xfocus-SD-051202.

Description of the vulnerability 

The Open Motif product implements the Motif standard used for creating graphical user interfaces (IEEE 1295).

Open Motif contains two overflows:
 - vsprintf() is used in Clients/uil/UilDiags.c
 - strcpy() is used in Clients/uil/UilSrcSrc.c

These overflows allow an attacker to run code with the rights of the user.
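
Both calls named above write into a destination without knowing its size. The following added example (not Open Motif code and not the vendor patch) shows a bounded replacement for each call; the function names, the 64-byte buffer and the oversized sample input are assumptions made for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define MSG_MAX 64   /* hypothetical buffer size, not taken from Open Motif */

/* Bounded replacement for vsprintf(dst, fmt, ap): never writes past
 * dst[cap-1]. Returns 0 if the message fit, 1 if truncated, -1 on error. */
static int format_diag(char *dst, size_t cap, const char *fmt, ...)
{
    va_list ap;
    int n;

    if (dst == NULL || cap == 0)
        return -1;
    va_start(ap, fmt);
    n = vsnprintf(dst, cap, fmt, ap);   /* n = length the full message needs */
    va_end(ap);
    if (n < 0) {
        dst[0] = '\0';
        return -1;
    }
    return (size_t)n >= cap ? 1 : 0;
}

/* Bounded replacement for strcpy(dst, src): rejects input that does not
 * fit instead of overflowing or silently truncating. Returns 0 on success. */
static int copy_name(char *dst, size_t cap, const char *src)
{
    size_t len;

    if (dst == NULL || src == NULL || cap == 0)
        return -1;
    len = strlen(src);
    if (len >= cap) {                   /* no room for the terminating NUL */
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, src, len + 1);
    return 0;
}

int main(void)
{
    char msg[MSG_MAX], name[MSG_MAX], longname[200];
    memset(longname, 'A', sizeof longname - 1);  /* constructed oversized input */
    longname[sizeof longname - 1] = '\0';
    printf("format: %d\n", format_diag(msg, sizeof msg, "bad token in %s", longname));
    printf("copy:   %d\n", copy_name(name, sizeof name, longname));
    return 0;
}
```

Callers should treat a non-zero return as a signal to log or reject the input rather than continue with a partial string.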

This computer threat note impacts software or systems such as Fedora, RHEL, Unix (platform); this list is not comprehensive.

Our Vigil@nce team determined that the severity of this weakness alert is medium.

The trust level is "confirmed by the editor", and the origin of the attack is an internet client.

An attacker with expert ability can exploit this computer weakness note.

Solutions for this threat 

Fedora Core 4: new openmotif packages.
New packages are available:
    http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/

Red Hat Network Satellite Server: version 5.0.2.
Version 5.0.2 is corrected.

RHEL 3AS, 4AS: new java, apache, modperl, modssl packages.
New packages are available:
Red Hat Network Satellite Server 4.2 (RHEL v.3 AS):
i386:
jabberd-2.0s10-3.37.rhn.i386.rpm
java-1.4.2-ibm-1.4.2.10-1jpp.2.el3.i386.rpm
java-1.4.2-ibm-devel-1.4.2.10-1jpp.2.el3.i386.rpm
openmotif21-2.1.30-9.RHEL3.8.i386.rpm
openmotif21-debuginfo-2.1.30-9.RHEL3.8.i386.rpm
rhn-apache-1.3.27-36.rhn.rhel3.i386.rpm
rhn-modjk-ap13-1.2.23-2rhn.rhel3.i386.rpm
rhn-modperl-1.29-16.rhel3.i386.rpm
rhn-modssl-2.8.12-8.rhn.10.rhel3.i386.rpm
noarch:
jfreechart-0.9.20-3.rhn.noarch.rpm
perl-Crypt-CBC-2.24-1.el3.noarch.rpm
tomcat5-5.0.30-0jpp_10rh.noarch.rpm
Red Hat Network Satellite Server 4.2 (RHEL v.4 AS):
i386:
jabberd-2.0s10-3.38.rhn.i386.rpm
java-1.4.2-ibm-1.4.2.10-1jpp.2.el4.i386.rpm
java-1.4.2-ibm-devel-1.4.2.10-1jpp.2.el4.i386.rpm
openmotif21-2.1.30-11.RHEL4.6.i386.rpm
openmotif21-debuginfo-2.1.30-11.RHEL4.6.i386.rpm
rhn-apache-1.3.27-36.rhn.rhel4.i386.rpm
rhn-modjk-ap13-1.2.23-2rhn.rhel4.i386.rpm
rhn-modperl-1.29-16.rhel4.i386.rpm
rhn-modssl-2.8.12-8.rhn.10.rhel4.i386.rpm
noarch:
jfreechart-0.9.20-3.rhn.noarch.rpm
perl-Crypt-CBC-2.24-1.el4.noarch.rpm
tomcat5-5.0.30-0jpp_10rh.noarch.rpm

RHEL: new openmotif packages.
New packages are available:
Red Hat Enterprise Linux version 2.1:
  openmotif-2.1.30-13.21AS.6
Red Hat Enterprise Linux AS version 3:
  openmotif-2.2.3-5.RHEL3.3
  openmotif21-2.1.30-9.RHEL3.7
Red Hat Enterprise Linux AS version 4:
  openmotif-2.2.3-10.RHEL4.1
  openmotif21-2.1.30-11.RHEL4.5

SGI ProPack 3: new freeradius, Mozilla, openmotif packages.
Patch 10302 is corrected.
New packages are also available:
  ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/RPMS
  ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/SRPMS