TUCoPS :: SCO :: cs2sco26.txt

OpenServer 5.0.6a : squid compressed DNS answer message boundary failure - Caldera Advisory CSSA-2002-SCO.26

To: bugtraq@securityfocus.com announce@lists.caldera.com scoannmod@xenitec.on.ca


		Caldera International, Inc.  Security Advisory

Subject:		OpenServer 5.0.6a : squid compressed DNS answer message boundary failure
Advisory number: 	CSSA-2002-SCO.26
Issue date: 		2002 June 13
Cross reference:

1. Problem Description

	From Squid advisory SQUID-2002:2 : Error and boundary
	conditions were not checked when handling compressed DNS
	answer messages in the internal DNS code (lib/rfc1035.c).
	A malicious DNS server could craft a DNS reply that would
	cause Squid to exit with a SIGSEGV.

2. Vulnerable Supported Versions

	System				Binaries
	OpenServer 5.0.6a		/opt/K/SCO/Squid/2.4.6/*

3. Solution

	The proper solution is to install the latest packages.

4. OpenServer 5.0.6a

	4.1 Location of Fixed Binaries


4.2 Verification

	MD5 (VOL.000.000) = 87accd0ac60bf509b86e66bb74062168
	MD5 (VOL.000.001) = 4f709bb2f81fbb72e46f9f3608bca6e6
	MD5 (VOL.000.002) = eb7964ff9190da6749341170ce779b12
	MD5 (VOL.000.003) = 8be5cc4f62eb83d65541c491cbaaad3c

	md5 is available for download from

4.3 Installing Fixed Binaries

	Upgrade the affected binaries with the following commands:

	1) Download the VOL* files to the /tmp directory

	Run the custom command, specify an install from media images,
	and specify the /tmp directory as the location of the images.

5. References

	Specific references for this advisory:

Caldera security resources:

This security fix closes Caldera incidents sr862189, fz520428,

6. Disclaimer

	Caldera International, Inc. is not responsible for the
	misuse of any of the information we provide on this website
	and/or through our security advisories. Our advisories are
	a service to our customers intended to promote secure
	installation and use of Caldera products.

7. Acknowledgements

	This vulnerability was discovered and researched by zen-parse

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH