Message-ID: <20040303012318.6E722260C7@helix.pdev.ca.sco.com>
Date: Tue,  2 Mar 2004 17:23:18 -0800 (PST)
From: please_reply_to_security@....com
To: announce@...ts.caldera.com, bugtraq@...urityfocus.com,
   full-disclosure@...ts.netsys.com, security-alerts@...uxsecurity.com
Subject: OpenLinux: Tcpdump flaws in ISAKMP



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


______________________________________________________________________________

			SCO Security Advisory

Subject:		OpenLinux: Tcpdump flaws in ISAKMP
Advisory number: 	CSSA-2004-008.0
Issue date: 		2004 March 02
Cross reference: 	sr889071 fz528722 erg712537 CAN-2003-0989 CAN-2004-0057 CAN-2004-0055 
______________________________________________________________________________


1. Problem Description

	Tcpdump prints out the headers of packets on a network
	interface.

	George Bakos discovered flaws in the ISAKMP decoding
	routines of tcpdump versions prior to 3.8.1 that allow remote
	attackers to cause a denial of service.  The Common
	Vulnerabilities and Exposures project (cve.mitre.org) has
	assigned the name CAN-2003-0989 to this issue.

	Jonathan Heusser discovered an additional flaw in the rawprint
	function in the ISAKMP decoding routines for tcpdump 3.8.1 and
	earlier that could allow attackers to cause a denial of service
	via malformed ISAKMP packets that cause invalid "len" or "loc"
	values to be used in a loop.  The Common Vulnerabilities and
	Exposures project (cve.mitre.org) has assigned the name
	CAN-2004-0057 to this issue.

	Jonathan Heusser discovered a flaw in the print_attr_string
	function in print-radius.c for tcpdump 3.8.1 and earlier that
	allows remote attackers to cause a denial of service via a
	RADIUS attribute with a large length value.  The Common
	Vulnerabilities and Exposures project (cve.mitre.org)
	has assigned the name CAN-2004-0055 to this issue.

2. Vulnerable Supported Versions

	System				Package
	----------------------------------------------------------------------
	OpenLinux 3.1.1 Server		prior to tcpdump-3.8.1-1.i386.rpm
	OpenLinux 3.1.1 Workstation	prior to tcpdump-3.8.1-1.i386.rpm


3. Solution

	The proper solution is to install the latest packages. Many
	customers find it easier to use the Caldera System Updater, called
	cupdate (or kcupdate under the KDE environment), to update these
	packages rather than downloading and installing them by hand.


4. OpenLinux 3.1.1 Server

	4.1 Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2004-008.0/RPMS

	4.2 Packages

	390598fc4ef79eacb5d882fc8905b878	tcpdump-3.8.1-1.i386.rpm

	4.3 Installation

	rpm -Fvh tcpdump-3.8.1-1.i386.rpm

	4.4 Source Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2004-008.0/SRPMS

	4.5 Source Packages

	92c4f001608104cb618a8ad20e28d42c	tcpdump-3.8.1-1.src.rpm


5. OpenLinux 3.1.1 Workstation

	5.1 Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2004-008.0/RPMS

	5.2 Packages

	597cda73e6704003d586ab453e2a6c89	tcpdump-3.8.1-1.i386.rpm

	5.3 Installation

	rpm -Fvh tcpdump-3.8.1-1.i386.rpm

	5.4 Source Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2004-008.0/SRPMS

	5.5 Source Packages

	2d6f696cc92deaace62a6ff86e99c436	tcpdump-3.8.1-1.src.rpm


6. References

	Specific references for this advisory:
		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0989
		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0057
		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0055

	SCO security resources:
		http://www.sco.com/support/security/index.html

	This security fix closes SCO incidents sr889071 fz528722
	erg712537.


7. Disclaimer

	SCO is not responsible for the misuse of any of the information
	we provide on this website and/or through our security
	advisories. Our advisories are a service to our customers intended
	to promote secure installation and use of SCO products.


8. Acknowledgements

	SCO would like to thank Jonathan Heusser and George Bakos.

______________________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (SCO/UNIX_SVR5)

iD8DBQFARTCbbluZssSXDTERAu8aAJ9OLUXu3XwECnZ/U0Xj90HZAAzJFQCgyFqU
rJeU8Thv5BlZBaF7uBOZNJQ=
=Qu7F
-----END PGP SIGNATURE-----
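
Added example (not part of the SCO advisory and not tcpdump's code): a bounds-checked walk over RADIUS attributes, showing the validation a decoder needs so that an attribute length taken from the packet can neither overrun the captured data nor stall the loop. The packet layout follows RFC 2865; the function name radius_attr_value, the return codes and the sample packets are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define RADIUS_HDR_LEN 20      /* code, id, 2-byte length, 16-byte authenticator */
#define ATTR_NOT_FOUND (-1)
#define ATTR_MALFORMED (-2)

/* Find attribute `want` in the packet captured in buf[0..caplen).
 * On success returns the value length and points *val into buf.
 * Every length field is checked against the bytes actually present. */
int radius_attr_value(const uint8_t *buf, size_t caplen, uint8_t want,
                      const uint8_t **val)
{
    if (buf == NULL || val == NULL || caplen < RADIUS_HDR_LEN)
        return ATTR_MALFORMED;
    size_t pktlen = ((size_t)buf[2] << 8) | buf[3];
    if (pktlen < RADIUS_HDR_LEN || pktlen > caplen)
        return ATTR_MALFORMED;          /* header claims more than was captured */

    size_t off = RADIUS_HDR_LEN;
    while (off < pktlen) {
        size_t remaining = pktlen - off;
        if (remaining < 2)
            return ATTR_MALFORMED;      /* no room for type + length octets */
        size_t alen = buf[off + 1];     /* counts type, length and value */
        if (alen < 2 || alen > remaining)
            return ATTR_MALFORMED;      /* would stall the loop or overrun buf */
        if (buf[off] == want) {
            *val = buf + off + 2;
            return (int)(alen - 2);
        }
        off += alen;
    }
    return ATTR_NOT_FOUND;
}

/* Constructed sample packets: Access-Request carrying User-Name "alice". */
static const uint8_t good_pkt[27]     = {0x01, 0x2a, 0x00, 0x1b, [20] = 0x01, 0x07, 'a','l','i','c','e'};
static const uint8_t big_len_pkt[27]  = {0x01, 0x2a, 0x00, 0x1b, [20] = 0x01, 0xff, 'a','l','i','c','e'};
static const uint8_t zero_len_pkt[27] = {0x01, 0x2a, 0x00, 0x1b, [20] = 0x01, 0x00, 'a','l','i','c','e'};

int main(void)
{
    const uint8_t *v = NULL;
    int n = radius_attr_value(good_pkt, sizeof good_pkt, 1, &v);
    printf("good: %d bytes, value %.*s\n", n, n, (const char *)v);
    printf("oversized length: %d\n", radius_attr_value(big_len_pkt, sizeof big_len_pkt, 1, &v));
    printf("zero length: %d\n", radius_attr_value(zero_len_pkt, sizeof zero_len_pkt, 1, &v));
    return 0;
}
```

Passing the captured length rather than the length the header claims also makes a truncated capture fail closed instead of being read past its end.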
