SCO Security Advisory Subject: OpenSSH Denial Of Service Vulnerability Advisory number: SCOSA-2008.2 Issue date: 12th March 2008 Cross reference: fz534336, fz533530 CVE-2006-4924 ______________________________________________________________________________ 1. Problem Description sshd in OpenSSH versions before 4.4, when using the version 1 SSH protocol, could allow a remote attacker to cause a denial of service (CPU consumption) via an SSH packet that contains duplicate blocks, which is not properly handled by the CRC compensation attack detector. 2. Vulnerable Supported Versions System Package ---------------------------------------------------------------------- UnixWare 7.1.4 openssh 4.2p1 UnixWare 7.1.3 openssh 4.0p1 3. Solution The proper solution is to install the relevant package below. 4. UnixWare 7.1.4 This patch should only be installed on UnixWare 7.1.4 systems with Maintenance Pack 3 (MP3) applied. You can download MP3 from: ftp://ftp.sco.com/pub/unixware7/714/mp/uw714mp3 4.1 Location of Fixed Binaries ftp://ftp.sco.com/pub/unixware7/714/security/p534336/ 4.2 Verification MD5 (p534336.image) = 89271cc36a93ab8252159a4a98abc221 md5 is available for download from ftp://ftp.sco.com/pub/security/tools 4.3 Installation Instructions 1) Download the p534336.image file to the /tmp directory on your machine. 2) As root, add the package to your system using these commands: $ su - Password: # pkgadd -d /tmp/p534336.image Alternatively, this package may be installed in quiet mode, that is, without displaying the release notes and asking for confirmation. To do this, use these commands: $ su - Password: # pkgadd -qd /tmp/p534589.image all 3) There is no need to reboot the system after installing this package. 4.4 Removal Instructions 1) As root, remove the package using these commands: $ su - Password: # pkgrm p534589 5. UnixWare 7.1.3 This patch should only be installed on UnixWare 7.1.3 systems with Maintenance Pack 5 (MP5) applied. You can download MP5 from: ftp://ftp.sco.com/pub/unixware7/713/mp/mp5 5.1 Location of Fixed Binaries ftp://ftp.sco.com/pub/unixware7/713/security/p534336_713/ 5.2 Verification MD5 (p534336.image) = 1554e72a7197480d77687ef0246964c1 md5 is available for download from ftp://ftp.sco.com/pub/security/tools 5.3 Installation Instructions 1) Download the p534336.image file to the /tmp directory on your machine. 2) As root, add the package to your system using these commands: $ su - Password: # pkgadd -d /tmp/p534336.image Alternatively, this package may be installed in quiet mode, that is, without displaying the release notes and asking for confirmation. To do this, use these commands: $ su - Password: # pkgadd -qd /tmp/p534589.image all 3) There is no need to reboot the system after installing this package. 5.4 Removal Instructions 1) As root, remove the package using these commands: $ su - Password: # pkgrm p534589 6. References SCO security resources: http://www.sco.com/support/download.html SCO security advisories via email http://www.sco.com/support/forums/security.html This security fix closes SCO incidents fz534336 and 533530. 7. Disclaimers SCO is not responsible for the misuse of any of the information we provide on this website and/or through our security advisories. Our advisories are a service to our customers intended to promote secure installation and use of SCO products. 8. Acknowledgements N/A _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/