-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

______________________________________________________________________________

			SCO Security Advisory

Subject:		OpenServer 6.0.0 : Tcpdump Denial of Service
Advisory number:	SCOSA-2005.61
Issue date:		2005 December 16
Cross reference:	sr895065 erg712955 fz533034
			CVE-2005-1278 CVE-2005-1279 CVE-2005-1280
			
______________________________________________________________________________


1. Problem Description

	Various flaws in tcpdump can  allow remote attackers to cause
	denial of service.
	
	The Common Vulnerabilities and Exposures project (cve.mitre.org)
	has assigned the following names to these issue: CVE-2005-1278,
	CVE-2005-1279, CVE-2005-1280.


2. Vulnerable Supported Versions

	System				Binaries
	----------------------------------------------------------------------
	OpenServer 6.0.0 		/usr/sbin/tcpdump


3. Solution

	The proper solution is to install the latest packages.


4. OpenServer 6.0.0

	4.1 Location of Fixed Binaries

	ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.61


	4.2 Verification

	MD5 (VOL.000.000) = ad7a7a888c20039f715dc46badb524ba

	md5 is available for download from
		ftp://ftp.sco.com/pub/security/tools


	4.3 Installing Fixed Binaries

	Upgrade the affected binaries with the following sequence:

	1) Download the VOL* files to a directory.

	2) Run the custom command, specify an install
	   from media images, and specify the directory as
	   the location of the images.


5. References

	Specific references for this advisory:
		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1278
		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1279
		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1280

	SCO security resources:
		http://www.sco.com/support/security/index.html

	SCO security advisories via email
		http://www.sco.com/support/forums/security.html

	This security fix closes SCO incidents sr895065 erg712955
	fz533034.


6. Disclaimer

	SCO is not responsible for the misuse of any of the information
	we provide on this website and/or through our security
	advisories. Our advisories are a service to our customers
	intended to promote secure installation and use of SCO
	products.

______________________________________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (UnixWare)

iD8DBQFDo1qWaqoBO7ipriERAjpxAJ4h+QAqIYlzRLtUlHgRgqTUpZgDjQCgop0Q
x63DO04vg1jW/7LXsDa0R84=
=XZWr
-----END PGP SIGNATURE-----