Message-ID: <20030926180435.A12875@caldera.com>
Date: Fri, 26 Sep 2003 18:04:35 -0700
From: security@....com
To: announce@...ts.sco.com, bugtraq@...urityfocus.com,
   full-disclosure@...ts.netsys.com
Subject: UnixWare 7.1.3 UnixWare 7.1.1 Open UNIX 8.0.0 : Network device drivers reuse old frame buffer data to pad packets



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

______________________________________________________________________________

			SCO Security Advisory

Subject:		UnixWare 7.1.3 UnixWare 7.1.1 Open UNIX 8.0.0 : Network device drivers reuse old frame buffer data to pad packets
Advisory number: 	CSSA-2003-SCO.21
Issue date: 		2003 September 26
Cross reference: 	sr866216 fz521367 erg712090
______________________________________________________________________________


1. Problem Description

	Many network device drivers reuse old frame buffer data
	to pad packets, resulting in an information leakage
	vulnerability that may allow remote attackers to harvest
	sensitive information from affected devices. 

	The Ethernet standard (IEEE 802.3) specifies a minimum
	data field size of 46 bytes. If a higher layer protocol
	such as IP provides packet data that is smaller than 46
	bytes, the device driver must fill the remainder of the
	data field with a "pad". For IP datagrams, RFC1042 specifies
	that "the data field should be padded (with octets of zero)
	to meet the IEEE 802 minimum frame size requirements."

	Researchers from @Stake have discovered that, contrary to
	the recommendations of RFC1042, many Ethernet device drivers
	fail to pad frames with null bytes. Instead, these device
	drivers reuse previously transmitted frame data to pad
	frames smaller than 46 bytes. This constitutes an information
	leakage vulnerability that may allow remote attackers to
	harvest potentially sensitive information. 

	For detailed information on this research, please read 
	@Stake's "EtherLeak: Ethernet frame padding information
	leakage", available at
	http://www.atstake.com/research/advisories/2003/atstake_etherleak_report.pdf

	The Common Vulnerabilities and Exposures (CVE) project has
	assigned the name CAN-2003-0001 to this issue. This is a
	candidate for inclusion in the CVE list
	(http://cve.mitre.org), which standardizes names for
	security problems.
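
	The padding flaw described above, next to the zero-filled pad
	RFC1042 asks for, with a check that counts non-zero pad octets
	in a captured IPv4 frame. This is an added illustration, not SCO
	driver code; tx_buf, the function names and the sample frames
	are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define ETH_HDR_LEN   14                  /* dst MAC, src MAC, EtherType */
#define ETH_MIN_FRAME (ETH_HDR_LEN + 46)  /* 46-byte minimum data field */
static uint8_t tx_buf[1514];  /* hypothetical transmit buffer, reused per frame */

/* Flawed: only the length is raised to the minimum, so whatever an earlier,
 * longer frame left in tx_buf is transmitted as the pad. */
size_t tx_prepare_leaky(const uint8_t *frame, size_t len)
{
    if (len > sizeof tx_buf) return 0;
    memcpy(tx_buf, frame, len);
    return len < ETH_MIN_FRAME ? ETH_MIN_FRAME : len;
}

/* Corrected: the pad is explicitly filled with octets of zero (RFC 1042). */
size_t tx_prepare_zeroed(const uint8_t *frame, size_t len)
{
    if (len > sizeof tx_buf) return 0;
    memcpy(tx_buf, frame, len);
    if (len < ETH_MIN_FRAME) {
        memset(tx_buf + len, 0, ETH_MIN_FRAME - len);
        len = ETH_MIN_FRAME;
    }
    return len;
}

/* Audit: count non-zero octets after the IPv4 datagram; -1 if not parseable. */
int nonzero_pad_octets(const uint8_t *f, size_t len)
{
    if (len < ETH_HDR_LEN + 20 || f[12] != 0x08 || f[13] != 0x00) return -1;
    size_t ip_len = ((size_t)f[ETH_HDR_LEN + 2] << 8) | f[ETH_HDR_LEN + 3];
    if (ip_len < 20 || ETH_HDR_LEN + ip_len > len) return -1;
    int n = 0;
    for (size_t i = ETH_HDR_LEN + ip_len; i < len; i++) n += (f[i] != 0);
    return n;
}

/* Constructed input: a 100-byte frame of 0xAA, then a 42-byte IPv4 frame
 * (14-byte header + 28-byte datagram). Returns non-zero pad octets sent. */
int pad_leak_demo(size_t (*prepare)(const uint8_t *, size_t))
{
    uint8_t big[100], small[42] = {0};
    memset(big, 0xAA, sizeof big);
    small[12] = 0x08; small[14] = 0x45; small[17] = 28; /* IPv4, IHL 5, len 28 */
    prepare(big, sizeof big);
    return nonzero_pad_octets(tx_buf, prepare(small, sizeof small));
}
```

	A non-zero count from nonzero_pad_octets on frames captured from
	a host is the signal that its driver is not zero-filling the pad.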

2. Vulnerable Supported Versions

	System				Binaries
	----------------------------------------------------------------------
	UnixWare 7.1.3 		nics package

	UnixWare 7.1.1 		/etc/conf/pack.d/dlpi/Driver.o
				/etc/inst/nd/dlpi/Driver.o

	Open UNIX 8.0.0 	/etc/conf/pack.d/dlpi/Driver.o
				/etc/inst/nd/dlpi/Driver.o


3. Solution

	The proper solution is to install the latest packages.


4. UnixWare 7.1.3

	4.1 Location of Fixed Binaries

	ftp://ftp.sco.com/pub/updates/UnixWare/CSSA-2003-SCO.21

	4.2 Verification

	MD5 (nics.image) = 650144e22bfa3aa666d1eabe9bb6f151

	md5 is available for download from
		ftp://ftp.sco.com/pub/security/tools


	4.3 Installing Fixed Binaries

	Upgrade the affected binaries with the following sequence:

                1. Download the nics.image file to the /tmp directory on your machine.

                2. As root, uncompress the file and add the package to your system
                using these commands:

                $ su
                Password: <type your root password>
                # uncompress /tmp/nics.image
                # pkgadd -d /tmp/nics.image
                # rm /tmp/nics.image

5. UnixWare 7.1.1

	5.1 First install Maintenance Pack 3. This fix will be 
	    included in Maintenance Pack 4.
 
	5.2 Location of Fixed Binaries

	ftp://ftp.sco.com/pub/updates/UnixWare/CSSA-2003-SCO.21

	5.3 Verification

	MD5 (erg712090.pkg.Z) = c299a961be84dbcca7a77dda08f0a8c4

	md5 is available for download from
		ftp://ftp.sco.com/pub/security/tools

	5.4 Installing Fixed Binaries

	Upgrade the affected binaries with the following sequence:

	Download erg712090.pkg.Z to the /var/spool/pkg directory

	# uncompress /var/spool/pkg/erg712090.pkg.Z
	# pkgadd -d /var/spool/pkg/erg712090.pkg


6. Open UNIX 8.0.0

	6.1 First install Maintenance Pack 6.

	6.2 Location of Fixed Binaries

	ftp://ftp.sco.com/pub/updates/OpenUNIX/CSSA-2003-SCO.21

	6.3 Verification

	MD5 (erg712090.pkg.Z) = c299a961be84dbcca7a77dda08f0a8c4

	md5 is available for download from
		ftp://ftp.sco.com/pub/security/tools

	6.4 Installing Fixed Binaries

	Upgrade the affected binaries with the following sequence:

	Download erg712090.pkg.Z to the /var/spool/pkg directory

	# uncompress /var/spool/pkg/erg712090.pkg.Z
	# pkgadd -d /var/spool/pkg/erg712090.pkg


7. References

	Specific references for this advisory:
		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0001 
		http://www.atstake.com/research/advisories/2003/atstake_etherleak_report.pdf 
		http://www.atstake.com/research/advisories/2003/a010603-1.txt 
		http://www.nextgenss.com/advisories/etherleak-2003.txt 
		http://www.ietf.org/rfc/rfc1042.txt

	SCO security resources:
		http://www.sco.com/support/security/index.html

	This security fix closes SCO incidents sr866216 fz521367
	erg712090.


8. Disclaimer

	SCO is not responsible for the misuse of any of the information
	we provide on this website and/or through our security
	advisories. Our advisories are a service to our customers
	intended to promote secure installation and use of SCO
	products.


9. Acknowledgments

	 SCO would like to thank Ofir Arkin and Josh Anderson from
	 @Stake for their research.

______________________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (SCO_SV)
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAj90zgcACgkQaqoBO7ipriFagwCgqMA/VriVmZXgjyCQ1y9LJv3y
xUoAnREQyrxRAXdDhgXUZDi3DuB7FPOh
=uRMx
-----END PGP SIGNATURE-----
