-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

______________________________________________________________________________

			SCO Security Advisory

Subject:		UnixWare 7.1.3 UnixWare 7.1.4 : Tcpdump Denial of Service
Advisory number:	SCOSA-2005.60
Issue date:		2005 December 16
Cross reference:	sr893915 erg712849 fz532314
			CVE-2005-1278 CVE-2005-1279 CVE-2005-1280
______________________________________________________________________________


1. Problem Description

	Various flaws in tcpdump can  allow remote attackers to cause
	denial of service.
	
	The Common Vulnerabilities and Exposures project (cve.mitre.org)
	has assigned the following names to these issue: CVE-2005-1278,
	CVE-2005-1279, CVE-2005-1280.


2. Vulnerable Supported Versions

	System				Binaries
	----------------------------------------------------------------------
	UnixWare 7.1.3 			/usr/sbin/tcpdump
	UnixWare 7.1.4 			/usr/sbin/tcpdump


3. Solution

	The proper solution is to install the latest packages.


4. UnixWare 7.1.3

	4.1 Location of Fixed Binaries

	ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.60


	4.2 Verification

	MD5 (p532314.image) = 065c23a3c5f662f5bbf9a1f34a6fbeba

	md5 is available for download from
		ftp://ftp.sco.com/pub/security/tools


	4.3 Installing Fixed Binaries

	The following package should be installed on your
	system before you install this fix:

		UnixWare 7.1.3 Maintenance Pack 5

	Upgrade the affected binaries with the following sequence:

	Download p532314.image to the /var/spool/pkg directory.

	# pkgadd -d /var/spool/pkg/p532314.image


5. UnixWare 7.1.4

	5.1 Location of Fixed Binaries

	ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.60


	5.2 Verification

	MD5 (p532314.image) = 065c23a3c5f662f5bbf9a1f34a6fbeba

	md5 is available for download from
		ftp://ftp.sco.com/pub/security/tools


	5.3 Installing Fixed Binaries

	The following package should be installed on your
	system before you install this fix:

		UnixWare 7.1.4 Maintenance Pack 2

	Upgrade the affected binaries with the following sequence:

	Download p532314.image to the /var/spool/pkg directory.

	# pkgadd -d /var/spool/pkg/p532314.image


6. References

	Specific references for this advisory:
		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1278
		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1279
		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1280

	SCO security resources:
		http://www.sco.com/support/security/index.html

	SCO security advisories via email
		http://www.sco.com/support/forums/security.html

	This security fix closes SCO incidents sr893915 erg712849
	fz532314.


7. Disclaimer

	SCO is not responsible for the misuse of any of the information
	we provide on this website and/or through our security
	advisories. Our advisories are a service to our customers
	intended to promote secure installation and use of SCO
	products.

______________________________________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (UnixWare)

iD8DBQFDo1jMaqoBO7ipriERApNVAJ43066O/0OGdxsSHxzd6aba+2jZFQCgnKOT
jNeLmBn/yj5Hua+4eVnG4gU=
=hsOH
-----END PGP SIGNATURE-----