UnixWare 7.1.3up : tcpdump several vulnerabilities in tcpdump.

To: security-announce@xxxxxxxxxxxx, bugtraq@xxxxxxxxxxxxxxxxx, full-disclosure@xxxxxxxxxxxxxxxx
Subject: UnixWare 7.1.3up : tcpdump several vulnerabilities in tcpdump.
From: please_reply_to_security@xxxxxxx
Date: Wed, 28 Jul 2004 13:55:25 -0700 (PDT)
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
Reply-to: please_reply_to_security@xxxxxxx

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


______________________________________________________________________________

                        SCO Security Advisory

Subject:                UnixWare 7.1.3up : tcpdump several vulnerabilities in 
tcpdump.
Advisory number:        SCOSA-2004.9
Issue date:             2004 July 28
Cross reference:        sr889195 fz528784 erg712544 
                        CAN-2004-0055 CAN-2004-0057 CAN-2003-0989
                        CERT Vulnerability Note VU#955526
                        CERT Vulnerability Note VU#174086
                        CERT Vulnerability Note VU#738518
______________________________________________________________________________


1. Problem Description

        tcpdump is a widely-used network sniffer. 

        The issues with tcpdump are present only on UnixWare 7.1.3up and 
        not on previous versions of UnixWare 7.1.3 or earlier including
        Open Unix 8.0.0, because the version of tcpdump UnixWare 7.1.3 
        and before is 3.4a5 and it doesn't contain these issues.

        Remote  attackers  could  potentially  exploit  these 
        vulnerabilities by sending carefully-crafted network packets 
        to a victim. If the victim is running tcpdump, these packets    
        could result in a denial of service, or possibly execute 
        arbitrary code. 

        Jonathan Heusser discovered a flaw in the print_attr_string 
        function in the RADIUS decoding routines for tcpdump 3.8.1 
        and earlier. The CERT Coordination Center has assigned the 
        following  Vulnerability  Note  VU#955526.   The  Common 
        Vulnerabilities and Exposures project (cve.mitre.org) has 
        assigned the following name CAN-2004-0055 to this issue. 

        Jonathan Heusser discovered an additional flaw in the ISAKMP 
        decoding routines for tcpdump 3.8.1 and earlier. The CERT 
        Coordination Center has assigned the following Vulnerability 
        Note VU#174086.  The Common Vulnerabilities and Exposures 
        project (cve.mitre.org) has assigned the following name 
        CAN-2004-0057 to this issue.

        George Bakos discovered flaws in the ISAKMP decoding routines
        of tcpdump versions prior to 3.8.1. The CERT Coordination
        Center has assigned the following Vulnerability Note
        VU#738518. The Common Vulnerabilities and Exposures project
        (cve.mitre.org) has assigned the following name CAN-2003-0989
        to this issue. 

2. Vulnerable Supported Versions

        System                          Binaries
        ----------------------------------------------------------------------
        UnixWare 7.1.3up                /usr/sbin/tcpdump       

3. Solution

        The proper solution is to install the latest packages.


4. UnixWare 7.1.3up

        4.1 Location of Fixed Binaries

        ftp://ftp.sco.com/pub/unixware7/713/uw713up/

        4.2 Verification

        4e9ca2c8b0ea102ceb56a7061fd2a8e1  uw713up4CDimage.iso
        0ba3e06b8b9b2a1c77b9c9f90740f0db  uw713up4scoxCDimage.iso
        ecc8c95d093352fbdb353fefa2a7f01d  uw714CD3image.iso
        1273f2719d5629e30c90f6ac890d8be2  uw714udkCDimage.iso
        c7a7d80de62ca1ef05dd0531f31c773b  scox-wss.iso

        md5 is available for download from
                ftp://ftp.sco.com/pub/security/tools

        4.3 Installing Fixed Binaries

        Please refer to the release notes for installation instructions
        that are located in the same directory as the fixed binaries.

        relnotes-up4.html
        relnotes-up4.txt
        relnotes-up4.pdf

        relnotes-scox-wss.txt
        relnotes-scox-wss.html

        relnotes-udk.txt
        relnotes-udk.html

5. References

        Specific references for this advisory:
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0055 
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0989 
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0057
                http://www.kb.cert.org/vuls/id/174086
                http://www.kb.cert.org/vuls/id/738518
                http://www.kb.cert.org/vuls/id/955526

        SCO security resources:
                http://www.sco.com/support/security/index.html
        SCO security advisories via email
                http://www.sco.com/support/forums/security.html

        This security fix closes SCO incidents sr889195 fz528784
        erg712544.


6. Disclaimer

        SCO is not responsible for the misuse of any of the information
        we provide on this web site and/or through our security
        advisories. Our advisories are a service to our customers
        intended to promote secure installation and use of SCO
        products.

______________________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (SCO/UNIX_SVR5)

iD8DBQFBCBFnaqoBO7ipriERAlrEAJ0bcfYHrVxRo/6afuhyWmHpJmbx+wCgkvio
jGTwdQn9Sw5fyrf7BC/7e2g=
=2Spz
-----END PGP SIGNATURE-----

Prev by Date: ERRATA: [ GLSA 200407-21 ] Samba: Multiple buffer overflows
Next by Date: Re: [Full-Disclosure] Crash IE with 11 bytes ;)
Previous by thread: ERRATA: [ GLSA 200407-21 ] Samba: Multiple buffer overflows
Next by thread: Re: [Full-Disclosure] Crash IE with 11 bytes ;)
Index(es):
- Date
- Thread