SecurityReason.com - Our Reason is

Security

Register | Forget Password | Login
Search :
SecurityReason
IT News
Search
SecurityAlert Database
About SecurityAlert
ExploitAlert Database
SecurityReason Research
WLB
WLB Database
Send to WLB
About WLB
Services
Security Audit
Schedule
Prices of services
Contact
RSS
SecurityReason IT News
SecurityAlert
World Laboratory of Bugtraq
ExploitAlert
Apache
PHP
Corporate
Contact
About SecurityReason
Note

If you have found a vulnerability, please send to our SecurityAlert Database :
secalert()securityreason()com

Also if you have new ( 0-day ) exploit, please send to our ExploitAlert Archive :
exploit()securityreason()com
Home arrow SecurityAlert Database

Arrow  Topic :

OpenServer 6.0.0 : TCP Remote ICMP Denial Of Service Vulnerabilities


Arrow  SecurityAlert : 19
Arrow  CVE : CVE-2004-0790
Arrow  CVE : CVE-2004-0791
Arrow  CVE : CVE-2004-1060
Arrow  SecurityRisk : Medium  Security Risk Medium  (About)
Arrow  Remote Exploit : Yes
Arrow  Local Exploit : No
Arrow  Exploit Given : No
Arrow  Credit : SCO Security Advisory
Arrow  Published : 24.09.2005

Arrow  Affected Software : OpenServer 6.0.0



Arrow  Advisory Text :  

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

________________________________________________________________________
______

SCO Security Advisory

Subject: OpenServer 6.0.0 : TCP Remote ICMP Denial Of Service
Vulnerabilities
Advisory number: SCOSA-2005.38
Issue date: 2005 September 22
Cross reference: sr894918 fz530661 erg712928 CAN-2004-0790 CAN-2004-0791
CAN-2004-1060
________________________________________________________________________
______

1. Problem Description

The Internet Control Message Protocol is used to alert
hosts on a network about certain situations, and the hosts
then take automatic action to prevent network failures or
to improve transport efficiency. The RFC recommends no
security checking for in-bound ICMP messages, so long as
a related connection exists, and may potentially allow
several different Denials of Service. The following
individual attacks are reported: A blind connection-reset
attack is reported, which takes advantage of the specification
that describes that on receiving a 'hard' ICMP error, the
corresponding connection should be aborted. A remote
attacker may terminate target TCP connections and deny
service for legitimate users.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CAN-2004-0790 to this issue.

An ICMP Source Quench
attack is reported, which exploits the specification that
a host must react to ICMP Source Quench messages by slowing
transmission on the associated connection. A remote attacker
may effectively degrade performance for a legitimate
connection.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CAN-2004-0791 to this issue.

A suitable forged ICMP PMTUD message may be used to reduce the
MTU for a given connection in a similar manner.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CAN-2004-1060 to this issue.

2. Vulnerable Supported Versions

System Binaries
----------------------------------------------------------------------
OpenServer 6.0.0 inet driver

3. Solution

The proper solution is to install the latest packages.

4. OpenServer 6.0.0

4.1 Location of Fixed Binaries

ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.38

4.2 Verification

MD5 (VOL.000.000) = 8b97daeeba0c5653d1e01d589109c250

md5 is available for download from
ftp://ftp.sco.com/pub/security/tools

4.3 Installing Fixed Binaries

Upgrade the affected binaries with the following sequence:

1) Download the VOL* files to a directory

2) Run the custom command, specify an install from media
images, and specify the directory as the location of the
images.

5. References

Specific references for this advisory:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0790
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0791
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1060

SCO security resources:
http://www.sco.com/support/security/index.html

SCO security advisories via email
http://www.sco.com/support/forums/security.html

This security fix closes SCO incidents sr894918 fz530661
erg712928.

6. Disclaimer

SCO is not responsible for the misuse of any of the information
we provide on this website and/or through our security
advisories. Our advisories are a service to our customers
intended to promote secure installation and use of SCO
products.

7. Acknowledgments

The SCO Group would like to thank Fernando Gont for reporting
these issues.

________________________________________________________________________
______

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (SCO/SYSV)

iD8DBQFDMuH6aqoBO7ipriERAjZ/AJ9GJGsylMBOlEbT8qb4enKIoCQxfACghPMk
rTKK50snfn12AXxAffKBVrU=
=KMrf
-----END PGP SIGNATURE-----



Arrow  Feedback :

If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com.
Alert

Multiple Vendors libc/gdtoa printf(3) Array Overrun

Security Risk High- 2009-05-30

SecurityReason realised new advisory about vulnerabilities libc/gdtoa...
Apache RSS Apache Alert

» Apache Tomcat
   RequestDispatcher
   directory traversal
   vulnerability

» Apache mod_dav / svn
   Remote Denial of Service
   Exploit

» Apache Tomcat Information
   disclosure

» Apache Tomcat User
   enumeration vulnerability
   with FORM authentication
PHP RSS PHP Alert

» PHP 5.2.9 curl safe_mode
   & open_basedir bypass

» PHP 5.2.6 SAPI
   php_getuid() overload

» PHP
   ZipArchive::extractTo()
   Directory Traversal
   Vulnerability

» PHP 5.2.6 dba_replace()
   destroying file
Copyright © SecurityReason.com. All Rights Reserved.