UnixWare 7.1.3up : tcpdump several vulnerabilities in tcpdump.

please_reply_to_security_at_sco.com
Date: 07/28/04

    To: security-announce@list.sco.com, bugtraq@securityfocus.com, full-disclosure@lists.netsys.com
    Date: Wed, 28 Jul 2004 13:55:25 -0700 (PDT)
    
    

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    ______________________________________________________________________________

                            SCO Security Advisory

    Subject: UnixWare 7.1.3up : tcpdump several vulnerabilities in tcpdump.
    Advisory number: SCOSA-2004.9
    Issue date: 2004 July 28
    Cross reference: sr889195 fz528784 erg712544
                            CAN-2004-0055 CAN-2004-0057 CAN-2003-0989
                            CERT Vulnerability Note VU#955526
                            CERT Vulnerability Note VU#174086
                            CERT Vulnerability Note VU#738518
    ______________________________________________________________________________

    1. Problem Description

            tcpdump is a widely-used network sniffer.

            The issues with tcpdump are present only on UnixWare 7.1.3up and
            not on UnixWare 7.1.3 or earlier releases, including Open Unix
            8.0.0, because the version of tcpdump in UnixWare 7.1.3 and
            earlier is 3.4a5, which does not contain these issues.

            Remote attackers could potentially exploit these
            vulnerabilities by sending carefully crafted network packets
            to a victim. If the victim is running tcpdump, these packets
            could result in a denial of service, or possibly the
            execution of arbitrary code.

            Jonathan Heusser discovered a flaw in the print_attr_string
            function in the RADIUS decoding routines for tcpdump 3.8.1
            and earlier. The CERT Coordination Center has assigned the
            following Vulnerability Note VU#955526. The Common
            Vulnerabilities and Exposures project (cve.mitre.org) has
            assigned the following name CAN-2004-0055 to this issue.

            Jonathan Heusser discovered an additional flaw in the ISAKMP
            decoding routines for tcpdump 3.8.1 and earlier. The CERT
            Coordination Center has assigned the following Vulnerability
            Note VU#174086. The Common Vulnerabilities and Exposures
            project (cve.mitre.org) has assigned the following name
            CAN-2004-0057 to this issue.

            George Bakos discovered flaws in the ISAKMP decoding routines
            of tcpdump versions prior to 3.8.1. The CERT Coordination
            Center has assigned the following Vulnerability Note
            VU#738518. The Common Vulnerabilities and Exposures project
            (cve.mitre.org) has assigned the following name CAN-2003-0989
            to this issue.

    2. Vulnerable Supported Versions

            System Binaries
            ----------------------------------------------------------------------
            UnixWare 7.1.3up /usr/sbin/tcpdump

    3. Solution

            The proper solution is to install the latest packages.

    4. UnixWare 7.1.3up

            4.1 Location of Fixed Binaries

            ftp://ftp.sco.com/pub/unixware7/713/uw713up/

            4.2 Verification

            4e9ca2c8b0ea102ceb56a7061fd2a8e1 uw713up4CDimage.iso
            0ba3e06b8b9b2a1c77b9c9f90740f0db uw713up4scoxCDimage.iso
            ecc8c95d093352fbdb353fefa2a7f01d uw714CD3image.iso
            1273f2719d5629e30c90f6ac890d8be2 uw714udkCDimage.iso
            c7a7d80de62ca1ef05dd0531f31c773b scox-wss.iso

            md5 is available for download from
                    ftp://ftp.sco.com/pub/security/tools

            4.3 Installing Fixed Binaries

            Please refer to the release notes for installation instructions
            that are located in the same directory as the fixed binaries.

            relnotes-up4.html
            relnotes-up4.txt
            relnotes-up4.pdf

            relnotes-scox-wss.txt
            relnotes-scox-wss.html

            relnotes-udk.txt
            relnotes-udk.html

    5. References

            Specific references for this advisory:
                    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0055
                    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0989
                    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0057
                    http://www.kb.cert.org/vuls/id/174086
                    http://www.kb.cert.org/vuls/id/738518
                    http://www.kb.cert.org/vuls/id/955526

            SCO security resources:
                    http://www.sco.com/support/security/index.html
            SCO security advisories via email
                    http://www.sco.com/support/forums/security.html

            This security fix closes SCO incidents sr889195 fz528784
            erg712544.

    6. Disclaimer

            SCO is not responsible for the misuse of any of the information
            we provide on this web site and/or through our security
            advisories. Our advisories are a service to our customers
            intended to promote secure installation and use of SCO
            products.

    ______________________________________________________________________________

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.2.4 (SCO/UNIX_SVR5)

    iD8DBQFBCBFnaqoBO7ipriERAlrEAJ0bcfYHrVxRo/6afuhyWmHpJmbx+wCgkvio
    jGTwdQn9Sw5fyrf7BC/7e2g=
    =2Spz
    -----END PGP SIGNATURE-----
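
The check described in section 4.2, as an added example that is not part of the SCO advisory: a Python script that parses the advisory's digest listing and reports each downloaded image as OK, MISMATCH or MISSING. The function names are this example's own; the digests are the ones listed in 4.2, and the download directory is whatever path you pass in.

```python
import hashlib
import re
import sys
from pathlib import Path

# Section 4.2 listing, copied from the advisory above.
ADVISORY_MANIFEST = """
4e9ca2c8b0ea102ceb56a7061fd2a8e1 uw713up4CDimage.iso
0ba3e06b8b9b2a1c77b9c9f90740f0db uw713up4scoxCDimage.iso
ecc8c95d093352fbdb353fefa2a7f01d uw714CD3image.iso
1273f2719d5629e30c90f6ac890d8be2 uw714udkCDimage.iso
c7a7d80de62ca1ef05dd0531f31c773b scox-wss.iso
"""

# One entry per line: 32 hex digits, whitespace, a bare file name (no path parts).
ENTRY = re.compile(r"^\s*([0-9a-fA-F]{32})\s+([\w.-]+)\s*$")

def parse_manifest(text):
    """Return {filename: md5_hex} for every 'digest filename' line in text."""
    matches = (ENTRY.match(line) for line in text.splitlines())
    return {m.group(2): m.group(1).lower() for m in matches if m}

def md5_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so a CD image is never read into memory whole."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def verify_downloads(directory, manifest_text=ADVISORY_MANIFEST):
    """Map each listed file to 'OK', 'MISMATCH' or 'MISSING'."""
    results = {}
    for name, expected in parse_manifest(manifest_text).items():
        path = Path(directory) / name
        if not path.is_file():
            results[name] = "MISSING"
        else:
            results[name] = "OK" if md5_file(path) == expected else "MISMATCH"
    return results

if __name__ == "__main__":
    report = verify_downloads(sys.argv[1] if len(sys.argv) > 1 else ".")
    for name, status in report.items():
        print(f"{status:8} {name}")
    sys.exit(0 if all(s == "OK" for s in report.values()) else 1)
```

The listing is only as trustworthy as the copy of the advisory it was taken from, so check the PGP signature on the advisory before relying on the digests.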

