UnixWare 7.1.3up : tcpdump several vulnerabilities in tcpdump.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
SCO Security Advisory
Subject: UnixWare 7.1.3up : tcpdump several vulnerabilities in
tcpdump.
Advisory number: SCOSA-2004.9
Issue date: 2004 July 28
Cross reference: sr889195 fz528784 erg712544
CAN-2004-0055 CAN-2004-0057 CAN-2003-0989
CERT Vulnerability Note VU#955526
CERT Vulnerability Note VU#174086
CERT Vulnerability Note VU#738518
______________________________________________________________________________
1. Problem Description
tcpdump is a widely-used network sniffer.
The issues with tcpdump are present only on UnixWare 7.1.3up and
not on previous versions of UnixWare 7.1.3 or earlier including
Open Unix 8.0.0, because the version of tcpdump UnixWare 7.1.3
and before is 3.4a5 and it doesn't contain these issues.
Remote attackers could potentially exploit these
vulnerabilities by sending carefully-crafted network packets
to a victim. If the victim is running tcpdump, these packets
could result in a denial of service, or possibly execute
arbitrary code.
Jonathan Heusser discovered a flaw in the print_attr_string
function in the RADIUS decoding routines for tcpdump 3.8.1
and earlier. The CERT Coordination Center has assigned the
following Vulnerability Note VU#955526. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the following name CAN-2004-0055 to this issue.
Jonathan Heusser discovered an additional flaw in the ISAKMP
decoding routines for tcpdump 3.8.1 and earlier. The CERT
Coordination Center has assigned the following Vulnerability
Note VU#174086. The Common Vulnerabilities and Exposures
project (cve.mitre.org) has assigned the following name
CAN-2004-0057 to this issue.
George Bakos discovered flaws in the ISAKMP decoding routines
of tcpdump versions prior to 3.8.1. The CERT Coordination
Center has assigned the following Vulnerability Note
VU#738518. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the following name CAN-2003-0989
to this issue.
2. Vulnerable Supported Versions
System Binaries
----------------------------------------------------------------------
UnixWare 7.1.3up /usr/sbin/tcpdump
3. Solution
The proper solution is to install the latest packages.
4. UnixWare 7.1.3up
4.1 Location of Fixed Binaries
ftp://ftp.sco.com/pub/unixware7/713/uw713up/
4.2 Verification
4e9ca2c8b0ea102ceb56a7061fd2a8e1 uw713up4CDimage.iso
0ba3e06b8b9b2a1c77b9c9f90740f0db uw713up4scoxCDimage.iso
ecc8c95d093352fbdb353fefa2a7f01d uw714CD3image.iso
1273f2719d5629e30c90f6ac890d8be2 uw714udkCDimage.iso
c7a7d80de62ca1ef05dd0531f31c773b scox-wss.iso
md5 is available for download from
ftp://ftp.sco.com/pub/security/tools
4.3 Installing Fixed Binaries
Please refer to the release notes for installation instructions
that are located in the same directory as the fixed binaries.
relnotes-up4.html
relnotes-up4.txt
relnotes-up4.pdf
relnotes-scox-wss.txt
relnotes-scox-wss.html
relnotes-udk.txt
relnotes-udk.html
5. References
Specific references for this advisory:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0055
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0989
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0057
http://www.kb.cert.org/vuls/id/174086
http://www.kb.cert.org/vuls/id/738518
http://www.kb.cert.org/vuls/id/955526
SCO security resources:
http://www.sco.com/support/security/index.html
SCO security advisories via email
http://www.sco.com/support/forums/security.html
This security fix closes SCO incidents sr889195 fz528784
erg712544.
6. Disclaimer
SCO is not responsible for the misuse of any of the information
we provide on this web site and/or through our security
advisories. Our advisories are a service to our customers
intended to promote secure installation and use of SCO
products.
______________________________________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (SCO/UNIX_SVR5)
iD8DBQFBCBFnaqoBO7ipriERAlrEAJ0bcfYHrVxRo/6afuhyWmHpJmbx+wCgkvio
jGTwdQn9Sw5fyrf7BC/7e2g=
=2Spz
-----END PGP SIGNATURE-----