Skip Navigation

  • Home
  • Contact us
  • FAQ
  • Glossary
  • Public key
  • Sitemap
  • Cymraeg
  • What's new
CPNI - Centre for the Protection of National Infastructure

Advanced search

  • About CPNI
  • The threats
  • Security planning
  • Methods of attack
  • Protecting your assets
  • Products and services
    • CSIRTUK advisories
      • Advisories archive
    • General protective security publications
    • InfoSec briefings
    • InfoSec technical notes
    • InfoSec vulnerability disclosures
    • Good practice guidelines
    • Viewpoints
    • Information exchanges
    • Risk Management Delivery Group
  • Research
Home > Products and services > CSIRTUK advisories > Advisories archive > September 2005 > SCO - OpenServer 6.0.0 : TCP Remote ICMP Denial Of Service Vulnerabilities

September 2005

SCO - OpenServer 6.0.0 : TCP Remote ICMP Denial Of Service Vulnerabilities

ID: 00828
Ref: 771/05
Date: 23 September 2005:12:10:40
Version: 1
Title: SCO - OpenServer 6.0.0 : TCP Remote ICMP Denial Of Service Vulnerabilities
Abstract:
Vendors affected: SCO
Operating systems affected: SCO
Applications affected: SCO

Title
=====
SCO - OpenServer 6.0.0 : TCP Remote ICMP Denial Of Service Vulnerabilities


Detail
======

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



______________________________________________________________________________

SCO Security Advisory

Subject: OpenServer 6.0.0 : TCP Remote ICMP Denial Of Service Vulnerabilities
Advisory number: SCOSA-2005.38
Issue date: 2005 September 22
Cross reference: sr894918 fz530661 erg712928 CAN-2004-0790 CAN-2004-0791 CAN-2004-1060
______________________________________________________________________________


1. Problem Description

The Internet Control Message Protocol is used to alert
hosts on a network about certain situations, and the hosts
then take automatic action to prevent network failures or
to improve transport efficiency. The RFC recommends no
security checking for in-bound ICMP messages, so long as
a related connection exists, and may potentially allow
several different Denials of Service. The following
individual attacks are reported: A blind connection-reset
attack is reported, which takes advantage of the specification
that describes that on receiving a 'hard' ICMP error, the
corresponding connection should be aborted. A remote
attacker may terminate target TCP connections and deny
service for legitimate users.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CAN-2004-0790 to this issue.

An ICMP Source Quench
attack is reported, which exploits the specification that
a host must react to ICMP Source Quench messages by slowing
transmission on the associated connection. A remote attacker
may effectively degrade performance for a legitimate
connection.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CAN-2004-0791 to this issue.

A suitable forged ICMP PMTUD message may be used to reduce the
MTU for a given connection in a similar manner.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CAN-2004-1060 to this issue.


2. Vulnerable Supported Versions

System Binaries
----------------------------------------------------------------------
OpenServer 6.0.0 inet driver


3. Solution

The proper solution is to install the latest packages.


4. OpenServer 6.0.0

4.1 Location of Fixed Binaries

ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.38

4.2 Verification

MD5 (VOL.000.000) = 8b97daeeba0c5653d1e01d589109c250

md5 is available for download from
ftp://ftp.sco.com/pub/security/tools


4.3 Installing Fixed Binaries

Upgrade the affected binaries with the following sequence:

1) Download the VOL* files to a directory

2) Run the custom command, specify an install from media
images, and specify the directory as the location of the
images.


5. References

Specific references for this advisory:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0790
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0791
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1060

SCO security resources:
http://www.sco.com/support/security/index.html

SCO security advisories via email
http://www.sco.com/support/forums/security.html

This security fix closes SCO incidents sr894918 fz530661
erg712928.


6. Disclaimer

SCO is not responsible for the misuse of any of the information
we provide on this website and/or through our security
advisories. Our advisories are a service to our customers
intended to promote secure installation and use of SCO
products.


7. Acknowledgments

The SCO Group would like to thank Fernando Gont for reporting
these issues.

______________________________________________________________________________

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (SCO/SYSV)

iD8DBQFDMuH6aqoBO7ipriERAjZ/AJ9GJGsylMBOlEbT8qb4enKIoCQxfACghPMk
rTKK50snfn12AXxAffKBVrU=
=KMrf
- -----END PGP SIGNATURE-----



  • Accessibility |
  • Terms and conditions |
  • Privacy statement |
  • Data protection act |
  • Freedom of information |