lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20050207144957.A940@caldera.com>
Date: Mon, 7 Feb 2005 14:49:57 -0800
From: please_reply_to_security@....com
To: security-announce@...t.sco.com, bugtraq@...urityfocus.com,
        full-disclosure@...ts.netsys.com
Subject: UnixWare 7.1.4 : racoon multilple security issues



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


______________________________________________________________________________

			SCO Security Advisory

Subject:		UnixWare 7.1.4 : racoon multilple security issues
Advisory number: 	SCOSA-2005.10
Issue date: 		2005 February 07
Cross reference:	sr890909 fz529836 erg712650 CAN-2004-0155 CAN-2004-0164 CAN-2004-0392 CAN-2004-0403 CAN-2004-0607
______________________________________________________________________________


1. Problem Description

	Racoon is the daemon which negotiates and configures a set
	of parameters of IPsec. Several security issues are addressed
	with this patch. 

	The KAME IKE Daemon Racoon, when authenticating a peer during 
	Phase 1, validates the X.509 certificate but does not verify 
	the RSA signature authentication, which allows remote attackers 
	to establish unauthorized IP connections or conduct 
	man-in-the-middle attacks using a valid, trusted X.509 
	certificate. 

	The Common Vulnerabilities and Exposures project (cve.mitre.org) 
	has assigned the name CAN-2004-0155 to this issue. 

	KAME IKE daemon (racoon) does not properly handle hash values, 
	which allows remote attackers to delete certificates via a 
	certain delete message that is not properly handled in isakmp.c 
	or isakmp_inf.c, or a certain INITIAL-CONTACT message that
	is not properly handled in isakmp_inf.c. 

	The Common Vulnerabilities and Exposures project (cve.mitre.org) 
	has assigned th e name CAN-2004-0164 to this issue. 

	racoon before 20040407b allows remote attackers to cause a denial 
	of service (infinite loop and dropped connections) via an IKE 
	message with a malformed Generic Payload Header containing 
	invalid "Security Association Next Payload" and "RESERVED" fields. 

	The Common Vulnerabilities and Exposures project (cve.mitre.org) 
	has assigned th e name CAN-2004-0392 to this issue. 

	Racoon before 20040408a allows remote attackers to cause a denial 
	of service (memory consumption) via an ISAKMP packet with a large 
	length field. 

	The Common Vulnerabilities and Exposures project (cve.mitre.org) 
	has assigned th e name CAN-2004-0403 to this issue. 

	The eay_check_x509cert function in KAME Racoon successfully
	verifies certificates even when OpenSSL validation fails,
	which could allow remote attackers to bypass authentication.

	The Common Vulnerabilities and Exposures project (cve.mitre.org)
	has assigned the name CAN-2004-0607 to this issue.


2. Vulnerable Supported Versions

	System				Binaries
	----------------------------------------------------------------------
	UnixWare 7.1.4 			/usr/sbin/racoon

3. Solution

	The proper solution is to install the latest packages.

4. UnixWare 7.1.4

	4.1 Location of Fixed Binaries

	ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.10

	4.2 Verification

	MD5 (erg712650.pkg.Z) = dd4cf5b0cc719b9ca6aa7b2e3b7eff65

	md5 is available for download from
		ftp://ftp.sco.com/pub/security/tools

	4.3 Installing Fixed Binaries

	Upgrade the affected binaries with the following sequence:

	Download erg712650.pkg.Z to the /var/spool/pkg directory

	# uncompress /var/spool/pkg/erg712650.pkg.Z
	# pkgadd -d /var/spool/pkg/erg712650.pkg


5. References

	Specific references for this advisory:
		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0155 
		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0164 
		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0392 
		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0403 
		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0607 
		http://www.vuxml.org/freebsd/ccd698df-8e20-11d8-90d1-0020ed76ef5a.html 
		http://www.vuxml.org/freebsd/40fcf20f-8891-11d8-90d1-0020ed76ef5a.html 
		http://marc.theaimsgroup.com/?l=bugtraq&m=107403331309838&w=2 
		http://marc.theaimsgroup.com/?l=bugtraq&m=107411758202662&w=2 
		http://marc.theaimsgroup.com/?l=bugtraq&m=108136746911000&w=2

	SCO security resources:
		http://www.sco.com/support/security/index.html

	SCO security advisories via email
		http://www.sco.com/support/forums/security.html

	This security fix closes SCO incidents sr890909 fz529836
	erg712650.


6. Disclaimer

	SCO is not responsible for the misuse of any of the information
	we provide on this website and/or through our security
	advisories. Our advisories are a service to our customers
	intended to promote secure installation and use of SCO
	products.

______________________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (SCO/UNIX_SVR5)

iD8DBQFCB8NIaqoBO7ipriERAk/oAJ9tBctfOjHLXop2OPT36NFNiArmawCggWYf
gPAjKWLglaZDFvzofIGIO00=
=jQkm
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ