-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ______________________________________________________________________________ SCO Security Advisory Subject: UnixWare 7.1.4 : racoon multilple security issues Advisory number: SCOSA-2005.10 Issue date: 2005 February 07 Cross reference: sr890909 fz529836 erg712650 CAN-2004-0155 CAN-2004-0164 CAN-2004-0392 CAN-2004-0403 CAN-2004-0607 ______________________________________________________________________________ 1. Problem Description Racoon is the daemon which negotiates and configures a set of parameters of IPsec. Several security issues are addressed with this patch. The KAME IKE Daemon Racoon, when authenticating a peer during Phase 1, validates the X.509 certificate but does not verify the RSA signature authentication, which allows remote attackers to establish unauthorized IP connections or conduct man-in-the-middle attacks using a valid, trusted X.509 certificate. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0155 to this issue. KAME IKE daemon (racoon) does not properly handle hash values, which allows remote attackers to delete certificates via a certain delete message that is not properly handled in isakmp.c or isakmp_inf.c, or a certain INITIAL-CONTACT message that is not properly handled in isakmp_inf.c. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned th e name CAN-2004-0164 to this issue. racoon before 20040407b allows remote attackers to cause a denial of service (infinite loop and dropped connections) via an IKE message with a malformed Generic Payload Header containing invalid "Security Association Next Payload" and "RESERVED" fields. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned th e name CAN-2004-0392 to this issue. Racoon before 20040408a allows remote attackers to cause a denial of service (memory consumption) via an ISAKMP packet with a large length field. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned th e name CAN-2004-0403 to this issue. The eay_check_x509cert function in KAME Racoon successfully verifies certificates even when OpenSSL validation fails, which could allow remote attackers to bypass authentication. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0607 to this issue. 2. Vulnerable Supported Versions System Binaries ---------------------------------------------------------------------- UnixWare 7.1.4 /usr/sbin/racoon 3. Solution The proper solution is to install the latest packages. 4. UnixWare 7.1.4 4.1 Location of Fixed Binaries ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.10 4.2 Verification MD5 (erg712650.pkg.Z) = dd4cf5b0cc719b9ca6aa7b2e3b7eff65 md5 is available for download from ftp://ftp.sco.com/pub/security/tools 4.3 Installing Fixed Binaries Upgrade the affected binaries with the following sequence: Download erg712650.pkg.Z to the /var/spool/pkg directory # uncompress /var/spool/pkg/erg712650.pkg.Z # pkgadd -d /var/spool/pkg/erg712650.pkg 5. References Specific references for this advisory: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0155 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0164 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0392 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0403 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0607 http://www.vuxml.org/freebsd/ccd698df-8e20-11d8-90d1-0020ed76ef5a.html http://www.vuxml.org/freebsd/40fcf20f-8891-11d8-90d1-0020ed76ef5a.html http://marc.theaimsgroup.com/?l=bugtraq&m=107403331309838&w=2 http://marc.theaimsgroup.com/?l=bugtraq&m=107411758202662&w=2 http://marc.theaimsgroup.com/?l=bugtraq&m=108136746911000&w=2 SCO security resources: http://www.sco.com/support/security/index.html SCO security advisories via email http://www.sco.com/support/forums/security.html This security fix closes SCO incidents sr890909 fz529836 erg712650. 6. Disclaimer SCO is not responsible for the misuse of any of the information we provide on this website and/or through our security advisories. Our advisories are a service to our customers intended to promote secure installation and use of SCO products. ______________________________________________________________________________ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (SCO/UNIX_SVR5) iD8DBQFCB8NIaqoBO7ipriERAk/oAJ9tBctfOjHLXop2OPT36NFNiArmawCggWYf gPAjKWLglaZDFvzofIGIO00= =jQkm -----END PGP SIGNATURE-----
