Subject: OpenServer 6.0.0 : TCP Remote ICMP Denial Of Service
Vulnerabilities
Advisory number: SCOSA-2005.38
Issue date: 2005 September 22
Cross reference: sr894918 fz530661 erg712928 CAN-2004-0790 CAN-2004-0791
CAN-2004-1060
________________________________________________________________________
______
1. Problem Description
The Internet Control Message Protocol is used to alert
hosts on a network about certain situations, and the hosts
then take automatic action to prevent network failures or
to improve transport efficiency. The RFC recommends no
security checking for in-bound ICMP messages, so long as
a related connection exists, and may potentially allow
several different Denials of Service. The following
individual attacks are reported: A blind connection-reset
attack is reported, which takes advantage of the specification
that describes that on receiving a 'hard' ICMP error, the
corresponding connection should be aborted. A remote
attacker may terminate target TCP connections and deny
service for legitimate users.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CAN-2004-0790 to this issue.
An ICMP Source Quench
attack is reported, which exploits the specification that
a host must react to ICMP Source Quench messages by slowing
transmission on the associated connection. A remote attacker
may effectively degrade performance for a legitimate
connection.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CAN-2004-0791 to this issue.
A suitable forged ICMP PMTUD message may be used to reduce the
MTU for a given connection in a similar manner.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CAN-2004-1060 to this issue.
2. Vulnerable Supported Versions
System Binaries
----------------------------------------------------------------------
OpenServer 6.0.0 inet driver
3. Solution
The proper solution is to install the latest packages.
md5 is available for download from
ftp://ftp.sco.com/pub/security/tools
4.3 Installing Fixed Binaries
Upgrade the affected binaries with the following sequence:
1) Download the VOL* files to a directory
2) Run the custom command, specify an install from media
images, and specify the directory as the location of the
images.
5. References
Specific references for this advisory:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0790
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0791
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1060
SCO security advisories via email
http://www.sco.com/support/forums/security.html
This security fix closes SCO incidents sr894918 fz530661
erg712928.
6. Disclaimer
SCO is not responsible for the misuse of any of the information
we provide on this website and/or through our security
advisories. Our advisories are a service to our customers
intended to promote secure installation and use of SCO
products.
7. Acknowledgments
The SCO Group would like to thank Fernando Gont for reporting
these issues.
If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com.