UnixWare 7.1.3 UnixWare 7.1.1 Open UNIX 8.0.0 : Network device drivers reuse old frame buffer data to pad packets



To: announce@lists.sco.com bugtraq@securityfocus.com full-disclosure@lists.netsys.com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

______________________________________________________________________________

			SCO Security Advisory

Subject:		UnixWare 7.1.3 UnixWare 7.1.1 Open UNIX 8.0.0 : Network device drivers reuse old frame buffer data to pad packets
Advisory number: 	CSSA-2003-SCO.21
Issue date: 		2003 September 26
Cross reference: 	sr866216 fz521367 erg712090
______________________________________________________________________________


1. Problem Description

	Many network device drivers reuse old frame buffer data
	to pad packets, resulting in an information leakage
	vulnerability that may allow remote attackers to harvest
	sensitive information from affected devices. 

	The Ethernet standard (IEEE 802.3) specifies a minimum
	data field size of 46 bytes. If a higher layer protocol
	such as IP provides packet data that is smaller than 46
	bytes, the device driver must fill the remainder of the
	data field with a "pad". For IP datagrams, RFC1042 specifies
	that "the data field should be padded (with octets of zero)
	to meet the IEEE 802 minimum frame size requirements."

	Researchers from @Stake have discovered that, contrary to
	the recommendations of RFC1042, many Ethernet device drivers
	fail to pad frames with null bytes. Instead, these device
	drivers reuse previously transmitted frame data to pad
	frames smaller than 46 bytes. This constitutes an information
	leakage vulnerability that may allow remote attackers to
	harvest potentially sensitive information. 
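
The two padding behaviours described above, with a check for the leak in captured frames, as an added example (not SCO's or @Stake's code). It assumes Ethernet II framing with EtherType 0x0800, no VLAN tag and no trailing FCS in the capture; the function names and the sample frame are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define ETH_HDR_LEN  14      /* dst MAC, src MAC, EtherType */
#define ETH_MIN_DATA 46      /* IEEE 802.3 minimum data field */

/* Transmit side: place len payload bytes in the data field of a reused
 * buffer. With zero_pad set the remainder up to 46 bytes is cleared as
 * RFC 1042 asks; without it, whatever the buffer held before goes out. */
size_t fill_data_field(uint8_t *data, const uint8_t *payload, size_t len,
                       int zero_pad)
{
    size_t wire = len < ETH_MIN_DATA ? ETH_MIN_DATA : len;
    memcpy(data, payload, len);
    if (zero_pad)
        memset(data + len, 0, wire - len);
    return wire;
}

/* Audit side: count non-zero pad bytes in a captured Ethernet II frame
 * that carries IPv4. Returns -1 when the frame cannot be checked. */
int nonzero_pad_bytes(const uint8_t *frame, size_t frame_len)
{
    if (frame_len < ETH_HDR_LEN + 20 || frame[12] != 0x08 || frame[13] != 0x00)
        return -1;
    const uint8_t *ip = frame + ETH_HDR_LEN;
    size_t data_len = frame_len - ETH_HDR_LEN;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;
    size_t total = ((size_t)ip[2] << 8) | ip[3];   /* IP total length */
    if ((ip[0] >> 4) != 4 || ihl < 20 || total < ihl || total > data_len)
        return -1;
    int n = 0;
    for (size_t i = total; i < data_len; i++)      /* bytes after the datagram */
        n += ip[i] != 0;
    return n;
}

/* Constructed sample: a 28-byte IPv4 datagram sent from a buffer that
 * still holds 0x41 bytes from an earlier, larger frame. */
size_t sample_frame(uint8_t frame[64], int zero_pad)
{
    uint8_t ip[28] = { 0x45, 0, 0, 28, 0, 0, 0, 0, 64, 1 };  /* v4, IHL 5, len 28, ICMP */
    memset(frame, 0x41, 64);                 /* stale data left in the buffer */
    memset(frame, 0xff, 12);                 /* placeholder MAC addresses */
    frame[12] = 0x08; frame[13] = 0x00;      /* EtherType IPv4 */
    return ETH_HDR_LEN + fill_data_field(frame + ETH_HDR_LEN, ip, sizeof ip, zero_pad);
}
```

A non-zero count on short frames from a patched host means the driver in use is still padding from a stale buffer.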

	For detailed information on this research, please read 
	@Stake's "EtherLeak: Ethernet frame padding information
	leakage", available at
	http://www.atstake.com/research/advisories/2003/atstake_etherleak_report.pdf

	The Common Vulnerabilities and Exposures (CVE) project has
	assigned the name CAN-2003-0001 to this issue.
	This is a candidate for inclusion in the CVE list
	(http://cve.mitre.org), which standardizes names for
	security problems. 

2. Vulnerable Supported Versions

	System				Binaries
	----------------------------------------------------------------------
	UnixWare 7.1.3 		nics package

	UnixWare 7.1.1 		/etc/conf/pack.d/dlpi/Driver.o
				/etc/inst/nd/dlpi/Driver.o

	Open UNIX 8.0.0 	/etc/conf/pack.d/dlpi/Driver.o
				/etc/inst/nd/dlpi/Driver.o


3. Solution

	The proper solution is to install the latest packages.


4. UnixWare 7.1.3

	4.1 Location of Fixed Binaries

	ftp://ftp.sco.com/pub/updates/UnixWare/CSSA-2003-SCO.21

	4.2 Verification

	MD5 (nics.image) = 650144e22bfa3aa666d1eabe9bb6f151

	md5 is available for download from
		ftp://ftp.sco.com/pub/security/tools


	4.3 Installing Fixed Binaries

	Upgrade the affected binaries with the following sequence:

                1. Download the nics.image file to the /tmp directory on your machine.

                2. As root, uncompress the file and add the package to your system
                using these commands:

                $ su
                Password: <type your root password>
                # uncompress /tmp/nics.image
                # pkgadd -d /tmp/nics.image
                # rm /tmp/nics.image

5. UnixWare 7.1.1

	5.1 First install Maintenance Pack 3. This fix will be 
	    included in Maintenance Pack 4.
 
	5.2 Location of Fixed Binaries

	ftp://ftp.sco.com/pub/updates/UnixWare/CSSA-2003-SCO.21

	5.3 Verification

	MD5 (erg712090.pkg.Z) = c299a961be84dbcca7a77dda08f0a8c4

	md5 is available for download from
		ftp://ftp.sco.com/pub/security/tools

	5.4 Installing Fixed Binaries

	Upgrade the affected binaries with the following sequence:

	Download erg712090.pkg.Z to the /var/spool/pkg directory

	# uncompress /var/spool/pkg/erg712090.pkg.Z
	# pkgadd -d /var/spool/pkg/erg712090.pkg


6. Open UNIX 8.0.0

	6.1 First install Maintenance Pack 6. 

	6.2 Location of Fixed Binaries

	ftp://ftp.sco.com/pub/updates/OpenUNIX/CSSA-2003-SCO.21

	6.3 Verification

	MD5 (erg712090.pkg.Z) = c299a961be84dbcca7a77dda08f0a8c4

	md5 is available for download from
		ftp://ftp.sco.com/pub/security/tools

	6.4 Installing Fixed Binaries

	Upgrade the affected binaries with the following sequence:

	Download erg712090.pkg.Z to the /var/spool/pkg directory

	# uncompress /var/spool/pkg/erg712090.pkg.Z
	# pkgadd -d /var/spool/pkg/erg712090.pkg


7. References

	Specific references for this advisory:
		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0001 
		http://www.atstake.com/research/advisories/2003/atstake_etherleak_report.pdf 
		http://www.atstake.com/research/advisories/2003/a010603-1.txt 
		http://www.nextgenss.com/advisories/etherleak-2003.txt 
		http://www.ietf.org/rfc/rfc1042.txt

	SCO security resources:
		http://www.sco.com/support/security/index.html

	This security fix closes SCO incidents sr866216 fz521367
	erg712090.


8. Disclaimer

	SCO is not responsible for the misuse of any of the information
	we provide on this website and/or through our security
	advisories. Our advisories are a service to our customers
	intended to promote secure installation and use of SCO
	products.


9. Acknowledgments

	 SCO would like to thank Ofir Arkin and Josh Anderson from
	 @Stake for their research.

______________________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (SCO_SV)
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAj90zgcACgkQaqoBO7ipriFagwCgqMA/VriVmZXgjyCQ1y9LJv3y
xUoAnREQyrxRAXdDhgXUZDi3DuB7FPOh
=uRMx
-----END PGP SIGNATURE-----
