<<< Date Index >>>     <<< Thread Index >>>

OpenServer 6.0.0 : TCP Remote ICMP Denial Of Service Vulnerabilities



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



______________________________________________________________________________

                        SCO Security Advisory

Subject:                OpenServer 6.0.0 : TCP Remote ICMP Denial Of Service 
Vulnerabilities
Advisory number:        SCOSA-2005.38
Issue date:             2005 September 22
Cross reference:        sr894918 fz530661 erg712928 CAN-2004-0790 CAN-2004-0791 
CAN-2004-1060
______________________________________________________________________________


1. Problem Description

        The Internet Control Message Protocol is used to alert
        hosts on a network about certain situations, and the hosts
        then take automatic action to prevent network failures or
        to improve transport efficiency. The RFC recommends no
        security checking for in-bound ICMP messages, so long as
        a related connection exists, and may potentially allow
        several different Denials of Service. The following
        individual attacks are reported: A blind connection-reset
        attack is reported, which takes advantage of the specification
        that describes that on receiving a 'hard' ICMP error, the
        corresponding connection should be aborted. A remote
        attacker may terminate target TCP connections and deny
        service for legitimate users. 
         
        The Common Vulnerabilities and Exposures project (cve.mitre.org) 
        has assigned the name CAN-2004-0790 to this issue. 
        
        An ICMP Source Quench
        attack is reported, which exploits the specification that
        a host must react to ICMP Source Quench messages by slowing
        transmission on the associated connection. A remote attacker
        may effectively degrade performance for a legitimate
        connection. 
        
        The Common Vulnerabilities and Exposures project (cve.mitre.org) 
        has assigned the name CAN-2004-0791 to this issue. 
        
        A suitable forged ICMP PMTUD message may be used to reduce the 
        MTU for a given connection in a similar manner. 
        
        The Common Vulnerabilities and Exposures project (cve.mitre.org) 
        has assigned the name CAN-2004-1060 to this issue.


2. Vulnerable Supported Versions

        System                          Binaries
        ----------------------------------------------------------------------
        OpenServer 6.0.0                inet driver


3. Solution

        The proper solution is to install the latest packages.


4. OpenServer 6.0.0

        4.1 Location of Fixed Binaries

        ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.38

        4.2 Verification

        MD5 (VOL.000.000) = 8b97daeeba0c5653d1e01d589109c250

        md5 is available for download from
                ftp://ftp.sco.com/pub/security/tools


        4.3 Installing Fixed Binaries

        Upgrade the affected binaries with the following sequence:

        1) Download the VOL* files to a directory

        2) Run the custom command, specify an install from media
        images, and specify the directory as the location of the
        images.


5. References

        Specific references for this advisory:
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0790 
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0791 
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1060

        SCO security resources:
                http://www.sco.com/support/security/index.html

        SCO security advisories via email
                http://www.sco.com/support/forums/security.html

        This security fix closes SCO incidents sr894918 fz530661
        erg712928.


6. Disclaimer

        SCO is not responsible for the misuse of any of the information
        we provide on this website and/or through our security
        advisories. Our advisories are a service to our customers
        intended to promote secure installation and use of SCO
        products.


7. Acknowledgments

        The SCO Group would like to thank Fernando Gont for reporting
        these issues.

______________________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (SCO/SYSV)

iD8DBQFDMuH6aqoBO7ipriERAjZ/AJ9GJGsylMBOlEbT8qb4enKIoCQxfACghPMk
rTKK50snfn12AXxAffKBVrU=
=KMrf
-----END PGP SIGNATURE-----