From security@sco.com Mon May 5 16:27:23 2003 From: security@sco.com To: bugtraq@securityfocus.com, announce@lists.caldera.com, security-alerts@linuxsecurity.com Date: Mon, 5 May 2003 11:01:07 -0700 Reply-To: please_reply_to_security@sco.com Subject: Security Update: [CSSA-2003-019.0] OpenLinux: tcp SYN with FIN packets are not discarded To: bugtraq@securityfocus.com announce@lists.caldera.com security-alerts@linuxsecurity.com ______________________________________________________________________________ SCO Security Advisory Subject: OpenLinux: tcp SYN with FIN packets are not discarded Advisory number: CSSA-2003-019.0 Issue date: 2003 May 5 Cross reference: ______________________________________________________________________________ 1. Problem Description Allowing TCP packets with both the SYN and FIN bits set significantly improve an attacker's chances of circumventing a firewall. 2. Vulnerable Supported Versions System Package ---------------------------------------------------------------------- OpenLinux 3.1.1 Server prior to tcp_sec-1.0-1.i386.rpm OpenLinux 3.1.1 Workstation prior to tcp_sec-1.0-1.i386.rpm 3. Solution The proper solution is to install the latest packages. Many customers find it easier to use the Caldera System Updater, called cupdate (or kcupdate under the KDE environment), to update these packages rather than downloading and installing them by hand. 4. OpenLinux 3.1.1 Server 4.1 Package Location ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-019.0/RPMS 4.2 Packages 57270040e72d49ac888b9967cc86cac8 tcp_sec-1.0-1.i386.rpm 4.3 Installation - rpm -ivh tcp_sec-1.0-1.i386.rpm - reboot the machine 4.4 Source Package Location ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-019.0/SRPMS 4.5 Source Packages acee43450be1a90b11bfc6049e9b788e tcp_sec-1.0-1.src.rpm 5. OpenLinux 3.1.1 Workstation 5.1 Package Location ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2003-019.0/RPMS 5.2 Packages 24b4643542d6c0fbd6b8dc18462fb99e tcp_sec-1.0-1.i386.rpm 5.3 Installation - rpm -ivh tcp_sec-1.0-1.i386.rpm - reboot the machine 5.4 Source Package Location ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2003-019.0/SRPMS 5.5 Source Packages a20384e0690e90a6d0528dd3bb4b9843 tcp_sec-1.0-1.src.rpm 8. References Specific references for this advisory: http://www.securityfocus.com/archive/1/296122/2002-10-19/2002-10-25/2 http://www.kb.cert.org/vuls/id/464113 SCO security resources: http://www.sco.com/support/security/index.html This security fix closes SCO incidents sr876423, fz527624, erg712275. 9. Disclaimer SCO is not responsible for the misuse of any of the information we provide on this website and/or through our security advisories. Our advisories are a service to our customers intended to promote secure installation and use of SCO products. 10. Acknowledgements Paul Starzetz discovered and researched this vulnerability. ______________________________________________________________________________ [ Part 2, Application/PGP-SIGNATURE 245bytes. ] [ Unable to print this part. ]