[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] SCOSA-2005.61 OpenServer 6.0.0 : Tcpdump Denial of Service

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

______________________________________________________________________________

                        SCO Security Advisory

Subject:                OpenServer 6.0.0 : Tcpdump Denial of Service
Advisory number:        SCOSA-2005.61
Issue date:             2005 December 16
Cross reference:        sr895065 erg712955 fz533034
                        CVE-2005-1278 CVE-2005-1279 CVE-2005-1280

______________________________________________________________________________


1. Problem Description

        Various flaws in tcpdump can  allow remote attackers to cause
        denial of service.

        The Common Vulnerabilities and Exposures project (cve.mitre.org)
        has assigned the following names to these issue: CVE-2005-1278,
        CVE-2005-1279, CVE-2005-1280.


2. Vulnerable Supported Versions

        System                          Binaries
        ----------------------------------------------------------------------
        OpenServer 6.0.0                /usr/sbin/tcpdump


3. Solution

        The proper solution is to install the latest packages.


4. OpenServer 6.0.0

        4.1 Location of Fixed Binaries

        ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.61


    4.2 Verification

        MD5 (VOL.000.000) = ad7a7a888c20039f715dc46badb524ba

        md5 is available for download from
                ftp://ftp.sco.com/pub/security/tools


    4.3 Installing Fixed Binaries

        Upgrade the affected binaries with the following sequence:

        1) Download the VOL* files to a directory.

        2) Run the custom command, specify an install
           from media images, and specify the directory as
           the location of the images.


5. References

        Specific references for this advisory:
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1278
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1279
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1280

        SCO security resources:
                http://www.sco.com/support/security/index.html

        SCO security advisories via email
                http://www.sco.com/support/forums/security.html

        This security fix closes SCO incidents sr895065 erg712955
        fz533034.


6. Disclaimer

        SCO is not responsible for the misuse of any of the information
        we provide on this website and/or through our security
        advisories. Our advisories are a service to our customers
        intended to promote secure installation and use of SCO
        products.

______________________________________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (UnixWare)

iD8DBQFDo1qWaqoBO7ipriERAjpxAJ4h+QAqIYlzRLtUlHgRgqTUpZgDjQCgop0Q
x63DO04vg1jW/7LXsDa0R84=
=XZWr
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/