-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ______________________________________________________________________________ SCO Security Advisory Subject: OpenLinux: Tcpdump flaws in ISAKMP Advisory number: CSSA-2004-008.0 Issue date: 2004 March 02 Cross reference: sr889071 fz528722 erg712537 CAN-2003-0989 CAN-2004-0057 CAN-2004-0055 ______________________________________________________________________________ 1. Problem Description Tcpdump prints out the headers of packets on a network interface. George Bakos discovered flaws in the ISAKMP decoding routines of tcpdump versions prior to 3.8.1. allows remote attackers to cause a denial of service. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0989 to this issue. Jonathan Heusser discovered an additional flaw in the ISAKMP decoding routines for tcpdump 3.8.1 and earlier in the rawprint function in the ISAKMP decoding routines could allow attackers to cause a denial of service via malformed ISAKMP packets that cause invalid "len" or "loc" values to be used in a loop. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0057 to this issue. Jonathan Heusser discovered a flaw in the print_attr_string function in print-radius.c for tcpdump 3.8.1 and earlier allows remote attackers to cause a denial of service via a RADIUS attribute with a large length value. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0055 to this issue. 2. Vulnerable Supported Versions System Package ---------------------------------------------------------------------- OpenLinux 3.1.1 Server prior to tcpdump-3.8.1-1.i386.rpm OpenLinux 3.1.1 Workstation prior to tcpdump-3.8.1-1.i386.rpm 3. Solution The proper solution is to install the latest packages. Many customers find it easier to use the Caldera System Updater, called cupdate (or kcupdate under the KDE environment), to update these packages rather than downloading and installing them by hand. 4. OpenLinux 3.1.1 Server 4.1 Package Location ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2004-008.0/RPMS 4.2 Packages 390598fc4ef79eacb5d882fc8905b878 tcpdump-3.8.1-1.i386.rpm 4.3 Installation rpm -Fvh tcpdump-3.8.1-1.i386.rpm 4.4 Source Package Location ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2004-008.0/SRPMS 4.5 Source Packages 92c4f001608104cb618a8ad20e28d42c tcpdump-3.8.1-1.src.rpm 5. OpenLinux 3.1.1 Workstation 5.1 Package Location ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2004-008.0/RPMS 5.2 Packages 597cda73e6704003d586ab453e2a6c89 tcpdump-3.8.1-1.i386.rpm 5.3 Installation rpm -Fvh tcpdump-3.8.1-1.i386.rpm 5.4 Source Package Location ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2004-008.0/SRPMS 5.5 Source Packages 2d6f696cc92deaace62a6ff86e99c436 tcpdump-3.8.1-1.src.rpm 6. References Specific references for this advisory: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0989 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0057 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0055 SCO security resources: http://www.sco.com/support/security/index.html This security fix closes SCO incidents sr889071 fz528722 erg712537. 7. Disclaimer SCO is not responsible for the misuse of any of the information we provide on this website and/or through our security advisories. Our advisories are a service to our customers intended to promote secure installation and use of SCO products. 8. Acknowledgements SCO would like to thank Jonathan Heusser and George Bakos. ______________________________________________________________________________ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (SCO/UNIX_SVR5) iD8DBQFARTCbbluZssSXDTERAu8aAJ9OLUXu3XwECnZ/U0Xj90HZAAzJFQCgyFqU rJeU8Thv5BlZBaF7uBOZNJQ= =Qu7F -----END PGP SIGNATURE-----