Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

OpenLinux: Tcpdump flaws in ISAKMP

From: please_reply_to_security () sco com
Date: Tue, 2 Mar 2004 17:23:18 -0800 (PST)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


______________________________________________________________________________

                        SCO Security Advisory

Subject:                OpenLinux: Tcpdump flaws in ISAKMP
Advisory number:        CSSA-2004-008.0
Issue date:             2004 March 02
Cross reference:        sr889071 fz528722 erg712537 CAN-2003-0989 CAN-2004-0057 CAN-2004-0055 
______________________________________________________________________________


1. Problem Description

        Tcpdump prints  out  the  headers of packets on a network 
        interface.

        George Bakos discovered flaws in the ISAKMP decoding
        routines of tcpdump versions prior to 3.8.1. allows remote 
        attackers to cause a denial of service.  The Common
        Vulnerabilities and Exposures project (cve.mitre.org) has 
        assigned the name CAN-2003-0989 to this issue. 

        Jonathan Heusser discovered an additional flaw in the ISAKMP 
        decoding routines for tcpdump 3.8.1 and earlier in the  
        rawprint function in the ISAKMP decoding routines could allow  
        attackers to cause a denial of service via malformed ISAKMP 
        packets that cause invalid "len" or "loc" values to be used 
        in a loop.  The Common Vulnerabilities and Exposures project 
        (cve.mitre.org) has assigned the name CAN-2004-0057 to this 
        issue. 

        Jonathan Heusser discovered a flaw in the print_attr_string 
        function in print-radius.c for tcpdump 3.8.1 and earlier 
        allows remote attackers to cause a denial of service via a 
        RADIUS attribute with a large length value.  The Common 
        Vulnerabilities and Exposures project (cve.mitre.org) 
        has assigned the name CAN-2004-0055 to this issue. 

2. Vulnerable Supported Versions

        System                          Package
        ----------------------------------------------------------------------
        OpenLinux 3.1.1 Server          prior to tcpdump-3.8.1-1.i386.rpm
        OpenLinux 3.1.1 Workstation     prior to tcpdump-3.8.1-1.i386.rpm


3. Solution

        The proper solution is to install the latest packages. Many
        customers find it easier to use the Caldera System Updater, called
        cupdate (or kcupdate under the KDE environment), to update these
        packages rather than downloading and installing them by hand.


4. OpenLinux 3.1.1 Server

        4.1 Package Location

        ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2004-008.0/RPMS

        4.2 Packages

        390598fc4ef79eacb5d882fc8905b878        tcpdump-3.8.1-1.i386.rpm

        4.3 Installation

        rpm -Fvh tcpdump-3.8.1-1.i386.rpm

        4.4 Source Package Location

        ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2004-008.0/SRPMS

        4.5 Source Packages

        92c4f001608104cb618a8ad20e28d42c        tcpdump-3.8.1-1.src.rpm


5. OpenLinux 3.1.1 Workstation

        5.1 Package Location

        ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2004-008.0/RPMS

        5.2 Packages

        597cda73e6704003d586ab453e2a6c89        tcpdump-3.8.1-1.i386.rpm

        5.3 Installation

        rpm -Fvh tcpdump-3.8.1-1.i386.rpm

        5.4 Source Package Location

        ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2004-008.0/SRPMS

        5.5 Source Packages

        2d6f696cc92deaace62a6ff86e99c436        tcpdump-3.8.1-1.src.rpm


6. References

        Specific references for this advisory:
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0989
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0057
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0055

        SCO security resources:
                http://www.sco.com/support/security/index.html

        This security fix closes SCO incidents sr889071 fz528722
        erg712537.


7. Disclaimer

        SCO is not responsible for the misuse of any of the information
        we provide on this website and/or through our security
        advisories. Our advisories are a service to our customers intended
        to promote secure installation and use of SCO products.


8. Acknowledgements

        SCO would like to thank Jonathan Heusser and George Bakos.

______________________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (SCO/UNIX_SVR5)

iD8DBQFARTCbbluZssSXDTERAu8aAJ9OLUXu3XwECnZ/U0Xj90HZAAzJFQCgyFqU
rJeU8Thv5BlZBaF7uBOZNJQ=
=Qu7F
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Previous By Date Next
Previous By Thread Next

Current thread: