-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ______________________________________________________________________________ SCO Security Advisory Subject: UnixWare 7.1.3up : tcpdump several vulnerabilities in tcpdump. Advisory number: SCOSA-2004.9 Issue date: 2004 July 28 Cross reference: sr889195 fz528784 erg712544 CAN-2004-0055 CAN-2004-0057 CAN-2003-0989 CERT Vulnerability Note VU#955526 CERT Vulnerability Note VU#174086 CERT Vulnerability Note VU#738518 ______________________________________________________________________________ 1. Problem Description tcpdump is a widely-used network sniffer. The issues with tcpdump are present only on UnixWare 7.1.3up and not on previous versions of UnixWare 7.1.3 or earlier including Open Unix 8.0.0, because the version of tcpdump UnixWare 7.1.3 and before is 3.4a5 and it doesn't contain these issues. Remote attackers could potentially exploit these vulnerabilities by sending carefully-crafted network packets to a victim. If the victim is running tcpdump, these packets could result in a denial of service, or possibly execute arbitrary code. Jonathan Heusser discovered a flaw in the print_attr_string function in the RADIUS decoding routines for tcpdump 3.8.1 and earlier. The CERT Coordination Center has assigned the following Vulnerability Note VU#955526. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following name CAN-2004-0055 to this issue. Jonathan Heusser discovered an additional flaw in the ISAKMP decoding routines for tcpdump 3.8.1 and earlier. The CERT Coordination Center has assigned the following Vulnerability Note VU#174086. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following name CAN-2004-0057 to this issue. George Bakos discovered flaws in the ISAKMP decoding routines of tcpdump versions prior to 3.8.1. The CERT Coordination Center has assigned the following Vulnerability Note VU#738518. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following name CAN-2003-0989 to this issue. 2. Vulnerable Supported Versions System Binaries ---------------------------------------------------------------------- UnixWare 7.1.3up /usr/sbin/tcpdump 3. Solution The proper solution is to install the latest packages. 4. UnixWare 7.1.3up 4.1 Location of Fixed Binaries ftp://ftp.sco.com/pub/unixware7/713/uw713up/ 4.2 Verification 4e9ca2c8b0ea102ceb56a7061fd2a8e1 uw713up4CDimage.iso 0ba3e06b8b9b2a1c77b9c9f90740f0db uw713up4scoxCDimage.iso ecc8c95d093352fbdb353fefa2a7f01d uw714CD3image.iso 1273f2719d5629e30c90f6ac890d8be2 uw714udkCDimage.iso c7a7d80de62ca1ef05dd0531f31c773b scox-wss.iso md5 is available for download from ftp://ftp.sco.com/pub/security/tools 4.3 Installing Fixed Binaries Please refer to the release notes for installation instructions that are located in the same directory as the fixed binaries. relnotes-up4.html relnotes-up4.txt relnotes-up4.pdf relnotes-scox-wss.txt relnotes-scox-wss.html relnotes-udk.txt relnotes-udk.html 5. References Specific references for this advisory: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0055 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0989 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0057 http://www.kb.cert.org/vuls/id/174086 http://www.kb.cert.org/vuls/id/738518 http://www.kb.cert.org/vuls/id/955526 SCO security resources: http://www.sco.com/support/security/index.html SCO security advisories via email http://www.sco.com/support/forums/security.html This security fix closes SCO incidents sr889195 fz528784 erg712544. 6. Disclaimer SCO is not responsible for the misuse of any of the information we provide on this web site and/or through our security advisories. Our advisories are a service to our customers intended to promote secure installation and use of SCO products. ______________________________________________________________________________ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (SCO/UNIX_SVR5) iD8DBQFBCBFnaqoBO7ipriERAlrEAJ0bcfYHrVxRo/6afuhyWmHpJmbx+wCgkvio jGTwdQn9Sw5fyrf7BC/7e2g= =2Spz -----END PGP SIGNATURE-----