Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Bugtraq: UnixWare 7.1.4 : racoon multilple security issues

UnixWare 7.1.4 : racoon multilple security issues

From: <please_reply_to_security_at_sco.com>
Date: Mon, 7 Feb 2005 14:49:57 -0800

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

______________________________________________________________________________

                        SCO Security Advisory

Subject: UnixWare 7.1.4 : racoon multilple security issues
Advisory number: SCOSA-2005.10
Issue date: 2005 February 07
Cross reference: sr890909 fz529836 erg712650 CAN-2004-0155 CAN-2004-0164 CAN-2004-0392 CAN-2004-0403 CAN-2004-0607
______________________________________________________________________________

1. Problem Description

        Racoon is the daemon which negotiates and configures a set
        of parameters of IPsec. Several security issues are addressed
        with this patch.

        The KAME IKE Daemon Racoon, when authenticating a peer during
        Phase 1, validates the X.509 certificate but does not verify
        the RSA signature authentication, which allows remote attackers
        to establish unauthorized IP connections or conduct
        man-in-the-middle attacks using a valid, trusted X.509
        certificate.

        The Common Vulnerabilities and Exposures project (cve.mitre.org)
        has assigned the name CAN-2004-0155 to this issue.

        KAME IKE daemon (racoon) does not properly handle hash values,
        which allows remote attackers to delete certificates via a
        certain delete message that is not properly handled in isakmp.c
        or isakmp_inf.c, or a certain INITIAL-CONTACT message that
        is not properly handled in isakmp_inf.c.

        The Common Vulnerabilities and Exposures project (cve.mitre.org)
        has assigned th e name CAN-2004-0164 to this issue.

        racoon before 20040407b allows remote attackers to cause a denial
        of service (infinite loop and dropped connections) via an IKE
        message with a malformed Generic Payload Header containing
        invalid "Security Association Next Payload" and "RESERVED" fields.

        The Common Vulnerabilities and Exposures project (cve.mitre.org)
        has assigned th e name CAN-2004-0392 to this issue.

        Racoon before 20040408a allows remote attackers to cause a denial
        of service (memory consumption) via an ISAKMP packet with a large
        length field.

        The Common Vulnerabilities and Exposures project (cve.mitre.org)
        has assigned th e name CAN-2004-0403 to this issue.

        The eay_check_x509cert function in KAME Racoon successfully
        verifies certificates even when OpenSSL validation fails,
        which could allow remote attackers to bypass authentication.

        The Common Vulnerabilities and Exposures project (cve.mitre.org)
        has assigned the name CAN-2004-0607 to this issue.

2. Vulnerable Supported Versions

        System Binaries
        ----------------------------------------------------------------------
        UnixWare 7.1.4 /usr/sbin/racoon

3. Solution

        The proper solution is to install the latest packages.

4. UnixWare 7.1.4

        4.1 Location of Fixed Binaries

        ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.10

        4.2 Verification

        MD5 (erg712650.pkg.Z) = dd4cf5b0cc719b9ca6aa7b2e3b7eff65

        md5 is available for download from
                ftp://ftp.sco.com/pub/security/tools

        4.3 Installing Fixed Binaries

        Upgrade the affected binaries with the following sequence:

        Download erg712650.pkg.Z to the /var/spool/pkg directory

        # uncompress /var/spool/pkg/erg712650.pkg.Z
        # pkgadd -d /var/spool/pkg/erg712650.pkg

5. References

        Specific references for this advisory:
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0155
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0164
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0392
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0403
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0607
                http://www.vuxml.org/freebsd/ccd698df-8e20-11d8-90d1-0020ed76ef5a.html
                http://www.vuxml.org/freebsd/40fcf20f-8891-11d8-90d1-0020ed76ef5a.html
                http://marc.theaimsgroup.com/?l=bugtraq&m=107403331309838&w=2
                http://marc.theaimsgroup.com/?l=bugtraq&m=107411758202662&w=2
                http://marc.theaimsgroup.com/?l=bugtraq&m=108136746911000&w=2

        SCO security resources:
                http://www.sco.com/support/security/index.html

        SCO security advisories via email
                http://www.sco.com/support/forums/security.html

        This security fix closes SCO incidents sr890909 fz529836
        erg712650.

6. Disclaimer

        SCO is not responsible for the misuse of any of the information
        we provide on this website and/or through our security
        advisories. Our advisories are a service to our customers
        intended to promote secure installation and use of SCO
        products.

______________________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (SCO/UNIX_SVR5)

iD8DBQFCB8NIaqoBO7ipriERAk/oAJ9tBctfOjHLXop2OPT36NFNiArmawCggWYf
gPAjKWLglaZDFvzofIGIO00=
=jQkm
-----END PGP SIGNATURE-----
Received on Feb 08 2005

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]