___________________________________________________________________________

	    Caldera International, Inc. Security Advisory

Subject:		OpenServer: IPFilter may incorrectly pass packets
Advisory number: 	CSSA-2002-SCO.9
Issue date: 		2002 March 11
Cross reference:
___________________________________________________________________________


1. Problem Description

	When matching a packet fragment, insufficient checks were
	performed to ensure the fragment is valid.  Malicious remote
	users may be able to bypass filtering rules, allowing them to
	potentially circumvent the firewall.


2. Vulnerable Supported Versions

	Operating System	Version		Affected Files
	------------------------------------------------------------------
	OpenServer		<= 5.0.6a	/etc/ipnat
						/etc/ipfnat
						/etc/conf/pack.d/ipl/Driver.o
						/etc/ipmon
						/etc/ipfstat
						/etc/ipf


3. Workaround

	None.


4. OpenServer

  4.1 Location of Fixed Binaries

	ftp://stage.caldera.com/pub/security/openserver/CSSA-2002-SCO.9/


  4.2 Verification

	MD5 (erg711678) = 7608023bdd367331a8088a92b114db5c

	md5 is available for download from
		ftp://stage.caldera.com/pub/security/tools/


  4.3 Installing Fixed Binaries

	Upgrade the affected binaries with the following commands:

	Download erg711678 to the /tmp directory

	# cd /tmp
	# tar xvf erg711678

	Run the custom command, specify an install from media images,
	and specify the /tmp directory as the location of the images.


5. References

	This and other advisories are located at
		http://stage.caldera.com/support/security

	This advisory addresses Caldera Security internal incidents
	SCO-236-1763, erg711678


6. Disclaimer

	Caldera International, Inc. is not responsible for the misuse
	of any of the information we provide on our website and/or
	through our security advisories. Our advisories are a service
	to our customers intended to promote secure installation and
	use of Caldera International products.


7. Acknowledgements

	Caldera would like to admit borrowing the problem description
	text from FreeBSD security advisory FreeBSD-SA-01:32.

___________________________________________________________________________