[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[SCO] Schwachstelle in IPFilter - CSSA-2002-SCO.9

To: win-sec-ssc@xxxxxxxxxxx
Subject: [SCO] Schwachstelle in IPFilter - CSSA-2002-SCO.9
From: win-sec-ssc@xxxxxxxxxxx
Date: Wed, 13 Mar 2002 16:04:22 +0100 (MET)
Delivered-to: rustler@xxxxxxxxxxxxxxxxxxxxxxxxxxxx
Delivered-to: security-announce-dist@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Delivered-to: security-announce@xxxxxxxxxxxxxxxxxxxxxxxxx
Sender: owner-security-announce@xxxxxxxxxxxxxxxxxxxxxxxxx

-----BEGIN PGP SIGNED MESSAGE-----

- --MfFXiAuoTsnnDAfZ
Liebe Kolleginnen und Kollegen,

soeben erreichte uns nachfolgende Warnung von Caldera International
Inc. ueber Sicherheitsprobleme bei IPFilter. Wir geben diese
Informationen unveraendert an Sie weiter.

Im IPFilter, einem Packetfilter fuer SCO Systeme, werden IP Fragmente
nicht ausreichend geprueft, so dass Angreifer durch Senden
entsprechend formulierter IP-Pakete (bzw. Fragmente) die Paketfilter-
Regeln umgehen koennen.

Betroffen von dieser Schwachstelle sind SCO OpenServer Versionen bis
einschliesslich 5.0.6a. SCO stellt Patches zur Behebung der
Schwachstelle bereit.

Leider wurde dieses Advisory mit einer detached Signature geschickt,
die wir ihnen nicht intakt und ueberpruefbar weiterleiten laesst. Die
Signatur wurde aber von uns ueberprueft und fuer korrekt befunden.

(c) der deutschen Zusammenfassung bei DFN-CERT GmbH; die Verbreitung,
auch auszugsweise, ist nur unter Hinweis auf den Urheber, DFN-CERT
GmbH, und nur zu nicht kommerziellen Zwecken gestattet.

Mit freundlichen Gruessen,
                Klaus Moeller, DFN-CERT

- -- 
Klaus Moeller          |                      mailto:moeller@xxxxxxxxxxx
DFN-CERT GmbH          |            http://www.cert.dfn.de/team/moeller/
Oberstrasse 14b        |                        Phone: +49(40)808077-555
D-20144 Hamburg        |                          FAX: +49(40)808077-556
Germany                |         PGP-Key: finger moeller@xxxxxxxxxxxxxxx

___________________________________________________________________________

	    Caldera International, Inc. Security Advisory

Subject:		OpenServer: IPFilter may incorrectly pass packets
Advisory number: 	CSSA-2002-SCO.9
Issue date: 		2002 March 11
Cross reference:
___________________________________________________________________________


1. Problem Description

	When matching a packet fragment, insufficient checks were
	performed to ensure the fragment is valid.  Malicious remote
	users may be able to bypass filtering rules, allowing them to
	potentially circumvent the firewall.


2. Vulnerable Supported Versions

	Operating System	Version		Affected Files
	------------------------------------------------------------------
	OpenServer		<=3D 5.0.6a	/etc/ipnat
						/etc/ipfnat
						/etc/conf/pack.d/ipl/Driver.o
						/etc/ipmon
						/etc/ipfstat
						/etc/ipf


3. Workaround

	None.


4. OpenServer

  4.1 Location of Fixed Binaries

	ftp://stage.caldera.com/pub/security/openserver/CSSA-2002-SCO.9/


  4.2 Verification

	MD5 (erg711678) =3D 7608023bdd367331a8088a92b114db5c

	md5 is available for download from
		ftp://stage.caldera.com/pub/security/tools/


  4.3 Installing Fixed Binaries

	Upgrade the affected binaries with the following commands:

	Download erg711678 to the /tmp directory

	# cd /tmp
	# tar xvf erg711678

	Run the custom command, specify an install from media images,
	and specify the /tmp directory as the location of the images.


5. References

	This and other advisories are located at
		http://stage.caldera.com/support/security

	This advisory addresses Caldera Security internal incidents
	SCO-236-1763, erg711678


6. Disclaimer

	Caldera International, Inc. is not responsible for the misuse
	of any of the information we provide on our website and/or
	through our security advisories. Our advisories are a service
	to our customers intended to promote secure installation and
	use of Caldera International products.


7. Acknowledgements

	Caldera would like to admit borrowing the problem description
	text from FreeBSD security advisory FreeBSD-SA-01:32.

___________________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i
Comment: Processed by Mailcrypt 3.5.5, an Emacs/PGP interface

iQEVAwUBPI9qYorEggYLt8j5AQHYvwf9E6qMZARLVudgMOPhhRQ1RUvNtArjIJ7y
m0VjpMdbM7xPcrTghBaXvBpgALmTL3WFriQh8E/0tJA0r90donw4wkW0e7/zGoe8
FKcuj33eshWOTG3bcURnOLGvwA1WAHcBJpqActjrBJYhEg8moyTst0UhQdkmAMG0
+JPhPmFbGA479eCXG//k5xPiGkWJg7QZpiZhSKIYzpnT0Qy89zhsX6Qe5pSNYlNQ
N+pgctd6e1tOQsh8XEUeK5ZOLc1d3ethon6Zb8JWl3IDtUIhd42MzdnqMwaOs0CT
03Yhm84zTzrU7Axnv6Q0yoaRKdJhuSDzN4QW4TEkI68dCYb35j7OpQ==
=4ZHH
-----END PGP SIGNATURE-----

Prev by Date: [SCO] Buffer Overflow in dlvr_audit - CSSA-2002-SCO.8
Next by Date: [FreeBSD] Buffer Overflow im mod_frontpage Port - FreeBSD-SA-02:17
Previous by thread: [SCO] Buffer Overflow in dlvr_audit - CSSA-2002-SCO.8
Next by thread: [FreeBSD] Buffer Overflow im mod_frontpage Port - FreeBSD-SA-02:17
Index(es):
- Date
- Thread