[Full-disclosure] SCOSA-2005.52 OpenServer 6.0.0 : KAME Racoon Daemon Denial of Service Vulnerability

2005-11-28T00:00:00
ID SECURITYVULNS:DOC:10435
Type securityvulns
Reporter Securityvulns
Modified 2005-11-28T00:00:00

Description

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1


                    SCO Security Advisory

Subject: OpenServer 6.0.0 : KAME Racoon Daemon Denial of Service Vulnerability Advisory number: SCOSA-2005.52 Issue date: 2005 November 28 Cross reference: sr895064 erg712954 fz533033 CVE-2005-0398


  1. Problem Description

    Racoon is an IKEv1 keying daemon, a common IPSec Utility.  Due
    to a bug in the way the Racoon parsed incoming ISAKMP packets,
    an attacker could possibly crash the racoon daemon by sending a
    specially crafted ISAKMP packet.
    
    The Common Vulnerabilities and Exposures project (cve.mitre.org)
    has assigned the name CVE-2005-0398 to this issue.
    
  2. Vulnerable Supported Versions

    System                          Binaries
    ----------------------------------------------------------------------
    OpenServer 6.0.0                /usr/sbin/racoon
    
  3. Solution

    The proper solution is to install the latest packages.
    
  4. OpenServer 6.0.0

    4.1 Location of Fixed Binaries
    
    ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.52
    
    4.2 Verification
    
    MD5 (VOL.000.000) = 6233d4a9b0aa683814f9d8041cf184fb
    
    md5 is available for download from
            ftp://ftp.sco.com/pub/security/tools
    
    4.3 Installing Fixed Binaries
    
    Upgrade the affected binaries with the following sequence:
    
    1) Download the VOL* files to a directory.
    
    2) Run the custom command, specify an install
       from media images, and specify the directory as
       the location of the images.
    
  5. References

    Specific references for this advisory:
            http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0398
    
    SCO security resources:
            http://www.sco.com/support/security/index.html
    
    SCO security advisories via email
            http://www.sco.com/support/forums/security.html
    
    This security fix closes SCO incidents sr895064 erg712954
    fz533033.
    
  6. Disclaimer

    SCO is not responsible for the misuse of any of the information
    we provide on this website and/or through our security
    advisories. Our advisories are a service to our customers
    intended to promote secure installation and use of SCO
    products.
    
  7. Acknowledgments

    SCO would like to thank Sebastian Krahmer for reporting this
    vulnerability.
    

-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (UnixWare)

iD8DBQFDizxVaqoBO7ipriERAlYMAKCr1GJr7hko5L5SeIQ9lZO302MdyQCeJwc7 MNW1g27sTAq/c0OozetgAd0= =Ugv/ -----END PGP SIGNATURE----- ___________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/