Skip Navigation

  • Home
  • Contact us
  • FAQ
  • Glossary
  • Public key
  • Sitemap
  • Cymraeg
  • What's new
CPNI - Centre for the Protection of National Infastructure

Advanced search

  • About CPNI
  • The threats
  • Security planning
  • Methods of attack
  • Protecting your assets
  • Products and services
    • CSIRTUK advisories
      • Advisories archive
    • General protective security publications
    • InfoSec briefings
    • InfoSec technical notes
    • InfoSec vulnerability disclosures
    • Good practice guidelines
    • Viewpoints
    • Information exchanges
    • Risk Management Delivery Group
  • Research
Home > Products and services > CSIRTUK advisories > Advisories archive > February 2005 > Three SCO Security Advisories

February 2005

Three SCO Security Advisories

ID: 00113
Ref: 98/2005
Date: 08 February 2005:15:12:52
Version: 1
Title: Three SCO Security Advisories
Abstract:
Vendors affected: SCO
Operating systems affected: SCO
Applications affected: SCO
Title
=====

Three SCO Security Advisories:

1. SCOSA-2005.9 - OpenServer 5.0.6 OpenServer 5.0.7 :
Vulnerabilities in long-lived TCP connections / Rose attack

2. SCOSA-2005.14 - UnixWare 7.1.3 UnixWare 7.1.1 :
Vulnerabilities in long-lived TCP connections / Rose attack

3. SCOSA-2005.10 - UnixWare 7.1.4 : racoon multilple security issues

Detail
======

1. TCP, when using a large Window Size, makes it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST packet, especially in protocols that use long-lived connections, such as BGP.

2. TCP, when using a large Window Size, makes it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST packet, especially in protocols that use long-lived connections, such as BGP.

3. Racoon is the daemon which negotiates and configures a set of parameters of IPsec. Several security issues are addressed with this patch.





1.




- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


______________________________________________________________________________

SCO Security Advisory

Subject: OpenServer 5.0.6 OpenServer 5.0.7 : Vulnerabilities in long-lived
TCP connections / Rose attack
Advisory number: SCOSA-2005.9
Issue date: 2005 February 07
Cross reference: sr890287 fz528415 erg712606 sr890248 fz529385 erg712599
______________________________________________________________________________


1. Problem Description

TCP, when using a large Window Size, makes it easier for
remote attackers to guess sequence numbers and cause a
denial of service (connection loss) to persistent TCP
connections by repeatedly injecting a TCP RST packet,
especially in protocols that use long-lived connections,
such as BGP.

Reference : NISCC Vulnerability Advisory 236929
Reference : CERT Technical Cyber Security Alert TA04-111A

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CAN-2004-0230 to this issue.


2. Vulnerable Supported Versions

System Binaries
----------------------------------------------------------------------
OpenServer 5.0.6 /usr/lib/tcprt/ID/ip/Driver.o
/usr/lib/tcprt/ID/ip/Space.c
/usr/include/sys/netinet/ip_var.h

OpenServer 5.0.7 /usr/lib/tcprt/ID/ip/Driver.o
/usr/lib/tcprt/ID/ip/Space.c
/usr/include/sys/netinet/ip_var.h

3. Solution

The proper solution is to install the latest packages.


4. OpenServer 5.0.6

4.1 Location of Fixed Binaries

ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.9

4.2 Verification

MD5 (VOL.000.000) = 472ab4332103f16740c817e546236065

md5 is available for download from
ftp://ftp.sco.com/pub/security/tools


4.3 Installing Fixed Binaries

Upgrade the affected binaries with the following sequence:

1) Download the VOL* files to a directory

2) Run the custom command, specify an install from media
images, and specify the directory as the location of the
images.


5. OpenServer 5.0.7

5.1 Location of Fixed Binaries

ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.9


5.2 Verification

MD5 (VOL.000.000) = 472ab4332103f16740c817e546236065

md5 is available for download from
ftp://ftp.sco.com/pub/security/tools


5.3 Installing Fixed Binaries

Upgrade the affected binaries with the following sequence:

1) Download the VOL* files to a directory

2) Run the custom command, specify an install from media
images, and specify the directory as the location of the
images.


6. References

Specific references for this advisory:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0230
http://www.uniras.gov.uk/niscc/docs/al-20040420-00199.html?lang=en
http://www.us-cert.gov/cas/techalerts/TA04-111A.html

SCO security resources:
http://www.sco.com/support/security/index.html

SCO security advisories via email
http://www.sco.com/support/forums/security.html

This security fix closes SCO incidents sr890287 fz528415
erg712606 sr890248 fz529385 erg712599.


7. Disclaimer

SCO is not responsible for the misuse of any of the information
we provide on this website and/or through our security
advisories. Our advisories are a service to our customers
intended to promote secure installation and use of SCO
products.


8. Acknowledgments

SCO would like to thank NISCC, Steve Bellovin, Rob Thomas
and Paul Watson, Cisco Systems Inc. and Juniper Networks
Inc.

______________________________________________________________________________

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (SCO/UNIX_SVR5)

iD8DBQFCBGrKaqoBO7ipriERAm/wAJ9AriP0TeCz2JVR54YwveNgzYSNWwCfR1QC
BCAAOBHlbAhOiAbIWxk2iiI=
=j4tP
- -----END PGP SIGNATURE-----


2.



- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


______________________________________________________________________________

SCO Security Advisory

Subject: UnixWare 7.1.3 UnixWare 7.1.1 : Vulnerabilities in long-lived
TCP connections / Rose attack
Advisory number: SCOSA-2005.14
Issue date: 2005 February 07
Cross reference: sr890247 fz529384 erg712598 sr890286 fz529414 erg712605
______________________________________________________________________________


1. Problem Description

TCP, when using a large Window Size, makes it easier for
remote attackers to guess sequence numbers and cause a
denial of service (connection loss) to persistent TCP
connections by repeatedly injecting a TCP RST packet,
especially in protocols that use long-lived connections,
such as BGP.

Reference : NISCC Vulnerability Advisory 236929
Reference : CERT Technical Cyber Security Alert TA04-111A

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CAN-2004-0230 to this issue.


2. Vulnerable Supported Versions

System Binaries
----------------------------------------------------------------------
UnixWare 7.1.3 /etc/conf/pack.d/inet/Driver_atup.o
/etc/conf/pack.d/inet/Driver_mp.o
/etc/conf/pack.d/inet/space.c
/usr/include/netinet/ip_var.h

UnixWare 7.1.1 /etc/conf/pack.d/inet/Driver_atup.o
/etc/conf/pack.d/inet/Driver_mp.o
/etc/conf/pack.d/inet/space.c
/usr/include/netinet/ip_var.h

3. Solution

The proper solution is to install the latest packages.


4. UnixWare 7.1.3

4.1 Location of Fixed Binaries

ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.14

4.2 Verification

MD5 (erg712598.pkg.Z) = c037e34427caf7f752eac2680f7dd29a

md5 is available for download from
ftp://ftp.sco.com/pub/security/tools

4.3 Installing Fixed Binaries

Upgrade the affected binaries with the following sequence:

Download erg712598.pkg.Z to the /var/spool/pkg directory

# uncompress /var/spool/pkg/erg712598.pkg.Z
# pkgadd -d /var/spool/pkg/erg712598.pkg


5. UnixWare 7.1.1

5.1 Location of Fixed Binaries

ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.14


5.2 Verification

MD5 (erg712598.711.pkg.Z) = 010281cae30aec75daa9b03b1ebbb522

md5 is available for download from
ftp://ftp.sco.com/pub/security/tools


5.3 Installing Fixed Binaries

Upgrade the affected binaries with the following sequence:

Download erg712598.711.pkg.Z to the /var/spool/pkg directory

# uncompress /var/spool/pkg/erg712598.711.pkg.Z
# pkgadd -d /var/spool/pkg/erg712598.711.pkg


6. References

Specific references for this advisory:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0230
http://www.uniras.gov.uk/niscc/docs/al-20040420-00199.html?lang=en
http://www.us-cert.gov/cas/techalerts/TA04-111A.html

SCO security resources:
http://www.sco.com/support/security/index.html

SCO security advisories via email
http://www.sco.com/support/forums/security.html

This security fix closes SCO incidents sr890247 fz529384
erg712598 sr890286 fz529414 erg712605.


7. Disclaimer

SCO is not responsible for the misuse of any of the information
we provide on this website and/or through our security
advisories. Our advisories are a service to our customers
intended to promote secure installation and use of SCO
products.


8. Acknowledgments

SCO would like to thank NISCC, Steve Bellovin, Rob Thomas
and Paul Watson, Cisco Systems Inc. and Juniper Networks
Inc.

______________________________________________________________________________

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (SCO/UNIX_SVR5)

iD8DBQFCBBLfaqoBO7ipriERAjQsAKChGoyGEXEATXFEfzcdJs9rRGJUHQCdEpyN
XnnKtGQOwKRJqqQQyXEV+yk=
=96m9
- -----END PGP SIGNATURE-----




3.




- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


______________________________________________________________________________

SCO Security Advisory

Subject: UnixWare 7.1.4 : racoon multilple security issues
Advisory number: SCOSA-2005.10
Issue date: 2005 February 07
Cross reference: sr890909 fz529836 erg712650 CAN-2004-0155 CAN-2004-0164
CAN-2004-0392 CAN-2004-0403 CAN-2004-0607 ______________________________________________________________________________


1. Problem Description

Racoon is the daemon which negotiates and configures a set
of parameters of IPsec. Several security issues are addressed
with this patch.

The KAME IKE Daemon Racoon, when authenticating a peer during
Phase 1, validates the X.509 certificate but does not verify
the RSA signature authentication, which allows remote attackers
to establish unauthorized IP connections or conduct
man-in-the-middle attacks using a valid, trusted X.509
certificate.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CAN-2004-0155 to this issue.

KAME IKE daemon (racoon) does not properly handle hash values,
which allows remote attackers to delete certificates via a
certain delete message that is not properly handled in isakmp.c
or isakmp_inf.c, or a certain INITIAL-CONTACT message that
is not properly handled in isakmp_inf.c.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned th e name CAN-2004-0164 to this issue.

racoon before 20040407b allows remote attackers to cause a denial
of service (infinite loop and dropped connections) via an IKE
message with a malformed Generic Payload Header containing
invalid "Security Association Next Payload" and "RESERVED" fields.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned th e name CAN-2004-0392 to this issue.

Racoon before 20040408a allows remote attackers to cause a denial
of service (memory consumption) via an ISAKMP packet with a large
length field.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned th e name CAN-2004-0403 to this issue.

The eay_check_x509cert function in KAME Racoon successfully
verifies certificates even when OpenSSL validation fails,
which could allow remote attackers to bypass authentication.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CAN-2004-0607 to this issue.


2. Vulnerable Supported Versions

System Binaries
----------------------------------------------------------------------
UnixWare 7.1.4 /usr/sbin/racoon

3. Solution

The proper solution is to install the latest packages.

4. UnixWare 7.1.4

4.1 Location of Fixed Binaries

ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.10

4.2 Verification

MD5 (erg712650.pkg.Z) = dd4cf5b0cc719b9ca6aa7b2e3b7eff65

md5 is available for download from
ftp://ftp.sco.com/pub/security/tools

4.3 Installing Fixed Binaries

Upgrade the affected binaries with the following sequence:

Download erg712650.pkg.Z to the /var/spool/pkg directory

# uncompress /var/spool/pkg/erg712650.pkg.Z
# pkgadd -d /var/spool/pkg/erg712650.pkg


5. References

Specific references for this advisory:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0155
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0164
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0392
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0403
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0607
http://www.vuxml.org/freebsd/ccd698df-8e20-11d8-90d1-0020ed76ef5a.html
http://www.vuxml.org/freebsd/40fcf20f-8891-11d8-90d1-0020ed76ef5a.html
http://marc.theaimsgroup.com/?l=bugtraq&m=107403331309838&w=2
http://marc.theaimsgroup.com/?l=bugtraq&m=107411758202662&w=2
http://marc.theaimsgroup.com/?l=bugtraq&m=108136746911000&w=2

SCO security resources:
http://www.sco.com/support/security/index.html

SCO security advisories via email
http://www.sco.com/support/forums/security.html

This security fix closes SCO incidents sr890909 fz529836
erg712650.


6. Disclaimer

SCO is not responsible for the misuse of any of the information
we provide on this website and/or through our security
advisories. Our advisories are a service to our customers
intended to promote secure installation and use of SCO
products.

______________________________________________________________________________

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (SCO/UNIX_SVR5)

iD8DBQFCB8NIaqoBO7ipriERAk/oAJ9tBctfOjHLXop2OPT36NFNiArmawCggWYf
gPAjKWLglaZDFvzofIGIO00=
=jQkm
- -----END PGP SIGNATURE-----

  • Accessibility |
  • Terms and conditions |
  • Privacy statement |
  • Data protection act |
  • Freedom of information |