Search:

November 2005

SCO Security Advisory: SCOSA-2005.52 - OpenServer 6.0.0 : KAME Racoon Daemon Denial of Service Vulnerability

ID: 01052
Ref: 987?2005
Date: 29 November 2005:10:27:51
Version: 1

Title: SCO Security Advisory: SCOSA-2005.52 - OpenServer 6.0.0 : KAME Racoon Daemon Denial of Service Vulnerability
Abstract: Racoon is an IKEv1 keying daemon, a common IPSec Utility. Due to a bug in the way the Racoon parsed incoming ISAKMP packets, an attacker could possibly crash the racoon daemon by sending a specially crafted ISAKMP packet.
Vendors affected: SCO
Operating systems affected: SCO
Applications affected: SCO

Title
=====

-----BEGIN PGP SIGNED MESSAGE-----

SCO Security Advisory: SCOSA-2005.52 - OpenServer 6.0.0 : KAME Racoon Daemon
Denial of Service Vulnerability

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1

iQCVAwUBQ4wrxopao72zK539AQH/rwP/UwgCE3Uhk8JB4M5tsIcw+NIqPbNCDC5U
sSMO934i+LzhZquIVW4a5XDqw2tTGDk7I7MrxLnm6bR/bIQb9t3iQk2H7EGYrWWV
Oiziz6Vy9zIhm70/DADcMuS9N2/MkYQdIjcNQyOVLQpCfy6dKcDwCPbzeZaB2S/h
JQSj6xkDmFE=
=QEzl
-----END PGP SIGNATURE-----

Detail
======

Racoon is an IKEv1 keying daemon, a common IPSec Utility. Due
to a bug in the way the Racoon parsed incoming ISAKMP packets,
an attacker could possibly crash the racoon daemon by sending a
specially crafted ISAKMP packet.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

______________________________________________________________________________

SCO Security Advisory

Subject: OpenServer 6.0.0 : KAME Racoon Daemon Denial of Service Vulnerability
Advisory number: SCOSA-2005.52
Issue date: 2005 November 28
Cross reference: sr895064 erg712954 fz533033
CVE-2005-0398

______________________________________________________________________________

1. Problem Description

Racoon is an IKEv1 keying daemon, a common IPSec Utility. Due
to a bug in the way the Racoon parsed incoming ISAKMP packets,
an attacker could possibly crash the racoon daemon by sending a
specially crafted ISAKMP packet.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2005-0398 to this issue.

2. Vulnerable Supported Versions

System Binaries
----------------------------------------------------------------------
OpenServer 6.0.0 /usr/sbin/racoon

3. Solution

The proper solution is to install the latest packages.

4. OpenServer 6.0.0

4.1 Location of Fixed Binaries

ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.52

4.2 Verification

MD5 (VOL.000.000) = 6233d4a9b0aa683814f9d8041cf184fb

md5 is available for download from
ftp://ftp.sco.com/pub/security/tools

4.3 Installing Fixed Binaries

Upgrade the affected binaries with the following sequence:

1) Download the VOL* files to a directory.

2) Run the custom command, specify an install
from media images, and specify the directory as
the location of the images.

5. References

Specific references for this advisory:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0398

SCO security resources:
http://www.sco.com/support/security/index.html

SCO security advisories via email
http://www.sco.com/support/forums/security.html

This security fix closes SCO incidents sr895064 erg712954
fz533033.

6. Disclaimer

SCO is not responsible for the misuse of any of the information
we provide on this website and/or through our security
advisories. Our advisories are a service to our customers
intended to promote secure installation and use of SCO
products.

7. Acknowledgments

SCO would like to thank Sebastian Krahmer for reporting this
vulnerability.

______________________________________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (UnixWare)

iD8DBQFDizxVaqoBO7ipriERAlYMAKCr1GJr7hko5L5SeIQ9lZO302MdyQCeJwc7
MNW1g27sTAq/c0OozetgAd0=
=Ugv/
-----END PGP SIGNATURE-----