[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20040303012318.6E722260C7@helix.pdev.ca.sco.com>
Date: Tue, 2 Mar 2004 17:23:18 -0800 (PST)
From: please_reply_to_security@....com
To: announce@...ts.caldera.com, bugtraq@...urityfocus.com,
full-disclosure@...ts.netsys.com, security-alerts@...uxsecurity.com
Subject: OpenLinux: Tcpdump flaws in ISAKMP
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
SCO Security Advisory
Subject: OpenLinux: Tcpdump flaws in ISAKMP
Advisory number: CSSA-2004-008.0
Issue date: 2004 March 02
Cross reference: sr889071 fz528722 erg712537 CAN-2003-0989 CAN-2004-0057 CAN-2004-0055
______________________________________________________________________________
1. Problem Description
Tcpdump prints out the headers of packets on a network
interface.
George Bakos discovered flaws in the ISAKMP decoding
routines of tcpdump versions prior to 3.8.1. allows remote
attackers to cause a denial of service. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2003-0989 to this issue.
Jonathan Heusser discovered an additional flaw in the ISAKMP
decoding routines for tcpdump 3.8.1 and earlier in the
rawprint function in the ISAKMP decoding routines could allow
attackers to cause a denial of service via malformed ISAKMP
packets that cause invalid "len" or "loc" values to be used
in a loop. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2004-0057 to this
issue.
Jonathan Heusser discovered a flaw in the print_attr_string
function in print-radius.c for tcpdump 3.8.1 and earlier
allows remote attackers to cause a denial of service via a
RADIUS attribute with a large length value. The Common
Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CAN-2004-0055 to this issue.
2. Vulnerable Supported Versions
System Package
----------------------------------------------------------------------
OpenLinux 3.1.1 Server prior to tcpdump-3.8.1-1.i386.rpm
OpenLinux 3.1.1 Workstation prior to tcpdump-3.8.1-1.i386.rpm
3. Solution
The proper solution is to install the latest packages. Many
customers find it easier to use the Caldera System Updater, called
cupdate (or kcupdate under the KDE environment), to update these
packages rather than downloading and installing them by hand.
4. OpenLinux 3.1.1 Server
4.1 Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2004-008.0/RPMS
4.2 Packages
390598fc4ef79eacb5d882fc8905b878 tcpdump-3.8.1-1.i386.rpm
4.3 Installation
rpm -Fvh tcpdump-3.8.1-1.i386.rpm
4.4 Source Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2004-008.0/SRPMS
4.5 Source Packages
92c4f001608104cb618a8ad20e28d42c tcpdump-3.8.1-1.src.rpm
5. OpenLinux 3.1.1 Workstation
5.1 Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2004-008.0/RPMS
5.2 Packages
597cda73e6704003d586ab453e2a6c89 tcpdump-3.8.1-1.i386.rpm
5.3 Installation
rpm -Fvh tcpdump-3.8.1-1.i386.rpm
5.4 Source Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2004-008.0/SRPMS
5.5 Source Packages
2d6f696cc92deaace62a6ff86e99c436 tcpdump-3.8.1-1.src.rpm
6. References
Specific references for this advisory:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0989
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0057
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0055
SCO security resources:
http://www.sco.com/support/security/index.html
This security fix closes SCO incidents sr889071 fz528722
erg712537.
7. Disclaimer
SCO is not responsible for the misuse of any of the information
we provide on this website and/or through our security
advisories. Our advisories are a service to our customers intended
to promote secure installation and use of SCO products.
8. Acknowledgements
SCO would like to thank Jonathan Heusser and George Bakos.
______________________________________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (SCO/UNIX_SVR5)
iD8DBQFARTCbbluZssSXDTERAu8aAJ9OLUXu3XwECnZ/U0Xj90HZAAzJFQCgyFqU
rJeU8Thv5BlZBaF7uBOZNJQ=
=Qu7F
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists