-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
________________________________________________________________________
______
SCO Security Advisory
Subject: OpenServer 6.0.0 : TCP Remote ICMP Denial Of Service Vulnerabilities
Advisory number: SCOSA-2005.38
Issue date: 2005 September 22
Cross reference: sr894918 fz530661 erg712928 CAN-2004-0790 CAN-2004-0791 CAN-2004-1060
________________________________________________________________________
______
1. Problem Description
The Internet Control Message Protocol is used to alert
hosts on a network about certain situations, and the hosts
then take automatic action to prevent network failures or
to improve transport efficiency. The RFC recommends no
security checking for in-bound ICMP messages, so long as
a related connection exists, and may potentially allow
several different Denials of Service. The following
individual attacks are reported: A blind connection-reset
attack is reported, which takes advantage of the specification
that describes that on receiving a 'hard' ICMP error, the
corresponding connection should be aborted. A remote
attacker may terminate target TCP connections and deny
service for legitimate users.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CAN-2004-0790 to this issue.
An ICMP Source Quench
attack is reported, which exploits the specification that
a host must react to ICMP Source Quench messages by slowing
transmission on the associated connection. A remote attacker
may effectively degrade performance for a legitimate
connection.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CAN-2004-0791 to this issue.
A suitable forged ICMP PMTUD message may be used to reduce the
MTU for a given connection in a similar manner.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CAN-2004-1060 to this issue.
2. Vulnerable Supported Versions
System Binaries
----------------------------------------------------------------------
OpenServer 6.0.0 inet driver
3. Solution
The proper solution is to install the latest packages.
4. OpenServer 6.0.0
4.1 Location of Fixed Binaries
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.38
4.2 Verification
MD5 (VOL.000.000) = 8b97daeeba0c5653d1e01d589109c250
md5 is available for download from
ftp://ftp.sco.com/pub/security/tools
4.3 Installing Fixed Binaries
Upgrade the affected binaries with the following sequence:
1) Download the VOL* files to a directory
2) Run the custom command, specify an install from media
images, and specify the directory as the location of the
images.
5. References
Specific references for this advisory:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0790
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0791
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1060
SCO security resources:
http://www.sco.com/support/security/index.html
SCO security advisories via email
http://www.sco.com/support/forums/security.html
This security fix closes SCO incidents sr894918 fz530661
erg712928.
6. Disclaimer
SCO is not responsible for the misuse of any of the information
we provide on this website and/or through our security
advisories. Our advisories are a service to our customers
intended to promote secure installation and use of SCO
products.
7. Acknowledgments
The SCO Group would like to thank Fernando Gont for reporting
these issues.
________________________________________________________________________
______
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (SCO/SYSV)
iD8DBQFDMuH6aqoBO7ipriERAjZ/AJ9GJGsylMBOlEbT8qb4enKIoCQxfACghPMk
rTKK50snfn12AXxAffKBVrU=
=KMrf
-----END PGP SIGNATURE-----
This information is provided for TESTING and LEGAL RESEARCH purposes only. All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use and Privacy Policy and Impressum