-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

______________________________________________________________________________

                        SCO Security Advisory

Subject:                UnixWare 7.1.3 UnixWare 7.1.4 : TCP Remote ICMP Denial Of Service Vulnerabilities
Advisory number:        SCOSA-2005.36
Issue date:             2005 September 02
Cross reference:        sr892502 fz530661 erg712758 CAN-2004-1060 CAN-2004-0791 CAN-2004-0790 CAN-2005-0068 CAN-2005-0067 CAN-2005-0066 CAN-2005-0065
______________________________________________________________________________


1. Problem Description

        The Internet Control Message Protocol is used to alert hosts
        on a network about certain situations, and the hosts then take
        automatic action to prevent network failures or to improve
        transport efficiency.

        The RFC recommends no security checking for in-bound ICMP
        messages, so long as a related connection exists, and may
        potentially allow several different Denials of Service.

        The following individual attacks are reported:

        A blind connection-reset attack is reported, which takes
        advantage of the specification that describes that on
        receiving a 'hard' ICMP error, the corresponding connection
        should be aborted. A remote attacker may terminate target
        TCP connections and deny service for legitimate users.

        The Common Vulnerabilities and Exposures project (cve.mitre.org)
        has assigned the name CAN-2004-0790 to this issue.

        An ICMP Source Quench attack is reported, which exploits the
        specification that a host must react to ICMP Source Quench
        messages by slowing transmission on the associated connection.
        A remote attacker may effectively degrade performance for a
        legitimate connection.

        The Common Vulnerabilities and Exposures project (cve.mitre.org)
        has assigned the name CAN-2004-0791 to this issue.

        A suitable forged ICMP PMTUD message may be used to reduce
        the MTU for a given connection in a similar manner.

        The Common Vulnerabilities and Exposures project (cve.mitre.org)
        has assigned the name CAN-2004-1060 to this issue.


2. Vulnerable Supported Versions

        System                  Binaries
        ----------------------------------------------------------------------
        UnixWare 7.1.3          /etc/conf/pack.d/inet/Driver_atup.o
                                /etc/conf/pack.d/inet/Driver_mp.o
        UnixWare 7.1.4          /etc/conf/pack.d/inet/Driver_atup.o
                                /etc/conf/pack.d/inet/Driver_mp.o
                                /etc/conf/pack.d/inet/space.c


3. Solution

        The proper solution is to install the latest packages.


4. UnixWare 7.1.3

        4.1 Location of Fixed Binaries

        ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.36

        4.2 Verification

        MD5 (erg712758.uw713.pkg.Z) = 84c7d2f7e133f39ec15fceed717f080b

        md5 is available for download from
                ftp://ftp.sco.com/pub/security/tools

        4.3 Installing Fixed Binaries

        Upgrade the affected binaries with the following sequence:

        Download erg712758.uw713.pkg.Z to the /var/spool/pkg directory

        # uncompress /var/spool/pkg/erg712758.uw713.pkg.Z
        # pkgadd -d /var/spool/pkg/erg712758.uw713.pkg


5. UnixWare 7.1.4

        5.1 Location of Fixed Binaries

        ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.36

        5.2 Verification

        MD5 (erg712758.uw714.pkg.Z) = 30abfc58f1b1439c3cfec624b66db5c5

        md5 is available for download from
                ftp://ftp.sco.com/pub/security/tools

        5.3 Installing Fixed Binaries

        Upgrade the affected binaries with the following sequence:

        Download erg712758.uw714.pkg.Z to the /var/spool/pkg directory

        # uncompress /var/spool/pkg/erg712758.uw714.pkg.Z
        # pkgadd -d /var/spool/pkg/erg712758.uw714.pkg


6. References

        Specific references for this advisory:
                http://securityfocus.com/bid/13124
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1060
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0791
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0790
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0068
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0067
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0066
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0065

        SCO security resources:
                http://www.sco.com/support/security/index.html

        SCO security advisories via email
                http://www.sco.com/support/forums/security.html

        This security fix closes SCO incidents sr892502 fz530661
        erg712758.


7. Disclaimer

        SCO is not responsible for the misuse of any of the information
        we provide on this website and/or through our security
        advisories. Our advisories are a service to our customers
        intended to promote secure installation and use of SCO
        products.


8. Acknowledgments

        The SCO Group would like to thank Fernando Gont for reporting
        these issues.

______________________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (SCO_SV)
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAkMggckACgkQaqoBO7ipriGcngCgrTaHoSk6WLR76EXoj7h/O8JN
rJEAnR+Nd1WMFZkks40zJ3C6r9Fg1uSj
=zNyh
-----END PGP SIGNATURE-----
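
The three attacks in section 1 work when a stack acts on any ICMP error that merely names an existing connection. The following is an added example, not part of SCO's advisory and not a description of SCO's fix: it parses the TCP header fragment quoted inside an ICMP error and applies the in-flight sequence number check that is widely described as a countermeasure. The function names, addresses, ports and sequence numbers are constructed for illustration.

```python
import socket
import struct

# ICMP (type, code) pairs behind the three attacks in section 1.
KINDS = {(3, 2): "hard-error", (3, 3): "hard-error",   # protocol/port unreachable
         (3, 4): "pmtud",                              # fragmentation needed
         (4, 0): "source-quench"}

def parse_icmp_error(icmp: bytes):
    """Extract the ICMP type/code and the quoted TCP segment's 4-tuple and sequence."""
    if len(icmp) < 8 + 20 + 8:
        raise ValueError("truncated ICMP error")
    inner = icmp[8:]                      # quoted IP header + first 8 TCP bytes
    ihl = (inner[0] & 0x0F) * 4
    if inner[0] >> 4 != 4 or ihl < 20 or len(inner) < ihl + 8 or inner[9] != 6:
        raise ValueError("quoted packet is not IPv4/TCP")
    src, dst = inner[12:16], inner[16:20]
    sport, dport, seq = struct.unpack_from("!HHI", inner, ihl)
    return (icmp[0], icmp[1]), (src, sport, dst, dport), seq

def in_flight(seq: int, snd_una: int, snd_nxt: int) -> bool:
    """True if seq is in [snd_una, snd_nxt), using 32-bit wrap-around arithmetic."""
    return (seq - snd_una) % 2**32 < (snd_nxt - snd_una) % 2**32

def check(icmp: bytes, conn: dict):
    """Return (kind, verdict) for one ICMP error against one tracked connection."""
    type_code, four_tuple, seq = parse_icmp_error(icmp)
    kind = KINDS.get(type_code, "other")
    if four_tuple != conn["tuple"]:
        return kind, "no-connection"
    if not in_flight(seq, conn["snd_una"], conn["snd_nxt"]):
        return kind, "stale-sequence"     # quoted data is not outstanding
    return kind, "plausible"

def build_sample(itype, code, conn, seq):
    """Constructed ICMP error quoting a segment of conn (checksums left at zero)."""
    src, sport, dst, dport = conn["tuple"]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0, src, dst)
    return (struct.pack("!BBHI", itype, code, 0, 0) + ip
            + struct.pack("!HHI", sport, dport, seq))

# Constructed connection state: documentation addresses, arbitrary sequence numbers.
CONN = {"tuple": (socket.inet_aton("192.0.2.10"), 40000,
                  socket.inet_aton("198.51.100.7"), 80),
        "snd_una": 0xFFFFFF00, "snd_nxt": 0x00000200}

if __name__ == "__main__":
    for seq in (0xFFFFFFF0, 0x00000100, 0x12345678):
        for tc in ((3, 3), (3, 4), (4, 0)):
            print(hex(seq), tc, check(build_sample(*tc, CONN, seq), CONN))
```

Only an error quoting data that is actually outstanding reaches `plausible`; the sample connection's window deliberately wraps past 2**32 to exercise the modular comparison.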