SB-98:01
Published: 1998-02-24 00:00:00
Updated: 1998-02-24 00:00:00
===========================================================================
SCO Security Bulletin 98:01
February 24, 1998
IP-based Denial of Service Attacks
---------------------------------------------------------------------------
I. Description
Recently, many denial of service attacks have been described which attempt
to exploit bugs in various vendors' TCP/IP implementations to crash or
hang systems with Internet connectivity.
This security bulletin is intended to clarify which of those attacks may
affect SCO operating systems - patches have been made available where
necessary.
1. Fragmenting packets with invalid sizes
Exploits have been distributed under the names "teardrop", "bonk" and
"newtear".
Not vulnerable:
- SCO Open Desktop/Open Server 3.0
- SCO CMW+ 3.0
- SCO OpenServer 5.0
- SCO UnixWare 2.1
2. Spoofed self-connect packets
Exploits have been distributed under than names "land" and "latierra".
Vulnerable:
- SCO Open Desktop/Open Server 3.0
- SCO CMW+ 3.0
- SCO OpenServer 5.0
- SCO UnixWare 2.1
System Security Enhancement SSE010 should be applied to these systems
to protect against this attack.
3. Unexpected Out of Band Data
An exploit has been distributed under the name "winnuke".
Not vulnerable:
- SCO Open Desktop/Open Server 3.0
- SCO CMW+ 3.0
- SCO UnixWare 2.1
Vulnerable:
- SCO OpenServer 5.0
System Security Enhancement SSE010 should be applied to OpenServer 5.0
to protect against this attack.
II. Impact
Anyone connected to the Internet may be able to hang or crash your
Internet-connected system. Exploit programs are widely available.
III. Solution
SCO is providing interim patches to address this issue in the form
of a System Security Enhancement (SSE) package. The SSE package
includes patches for all operating systems listed above as vulnerable.
For OpenServer 5.0.0 and OpenServer 5.0.2, the forthcoming SLS OSS468
will include these fixes - if OSS468 is installed, SSE010 is not
required. SSE010 should not be installed after OSS468 as it will
nullify other fixes contained in OSS468.
For OpenServer 5.0.4, the forthcoming SLS OSS469 will include these
fixes - if OSS469 is installed, SSE010 is not required. SSE010 should
not be installed after OSS469 as it will nullify other fixes contained
in OSS469.
SSE010 is available for Internet download via anonymous ftp, and from
the SCOFORUM on Compuserve.
You can download the SSE package as follows:
Anonymous ftp (World Wide Web URL):
ftp://ftp.sco.COM/SSE/sse010.ltr (cover letter, ASCII text)
ftp://ftp.sco.COM/SSE/sse010.tar.Z (new binaries, compressed tar file)
Compuserve:
GO SCOFORUM, and search Library 11 (SLS/SSE Files) for these filenames:
SSE010.LTR (cover letter, ASCII text)
SSE010.TAZ (new binaries, compressed tar file)
Checksums (sum -r):
61746 9 sse010.ltr
39053 396 sse010.tar.Z
IV. Updates
This bulletin is available for anonymous ftp download from
ftp://ftp.sco.COM/SSE/security_bulletins/SB.98:01a, and will be
updated as new information becomes available.
V. Further Information:
If you have further questions, contact your support provider. If you
need to contact SCO, please send electronic mail to support@sco.COM, or
contact SCO as follows.
USA/Canada: 6am-5pm Pacific Time (PST/PDT)
-----------
1-800-347-4381 (voice)
1-408-427-5443 (fax)
Pacific Rim, Asia, and Latin American customers: 6am-5pm Pacific
------------------------------------------------ Time (PST/PDT)
1-408-425-4726 (voice)
1-408-427-5443 (fax)
Europe, Middle East, Africa: 9am-5:30pm UK Time (GMT/BST)
----------------------------
+44 (0)1923 816344 (voice)
+44 (0)1923 817781 (fax)
