dcsimg
Linux Today: Linux News On Internet Time.





More on LinuxToday


SCO Linux Advisory: PXE

Nov 12, 2002, 17:24 (0 Talkback[s])
_________________________________________________________________________=
___

                        SCO Security Advisory

Subject:                Linux: Preboot eXecution Environment (PXE) server denial-of-servi=
ce attacks=20
Advisory number:        CSSA-2002-044.0
Issue date:             2002 November 11
Cross reference:
_________________________________________________________________________=
___


1. Problem Description

        The PXE server can be crashed by using corrupt DHCP packets.
        This bug could be used to cause a denial-of-service attack.


2. Vulnerable Supported Versions

        System                          Package
        ----------------------------------------------------------------------

        OpenLinux 3.1.1 Server          prior to pxe-0.1-33.i386.rpm

        OpenLinux 3.1.1 Workstation     prior to pxe-0.1-33.i386.rpm

        OpenLinux 3.1 Server            prior to pxe-0.1-33.i386.rpm

        OpenLinux 3.1 Workstation       prior to pxe-0.1-33.i386.rpm


3. Solution

        The proper solution is to install the latest packages. Many
        customers find it easier to use the Caldera System Updater, called
        cupdate (or kcupdate under the KDE environment), to update these
        packages rather than downloading and installing them by hand.


4. OpenLinux 3.1.1 Server

        4.1 Package Location

        ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2002-044.0/RPMS

        4.2 Packages

        75380c0629500bcb6ac3185fd7f68cf9        pxe-0.1-33.i386.rpm

        4.3 Installation

        rpm -Fvh pxe-0.1-33.i386.rpm

        4.4 Source Package Location

        ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2002-044.0/SRPMS

        4.5 Source Packages

        dc85c1098a2835660007665df6140570        pxe-0.1-33.src.rpm


5. OpenLinux 3.1.1 Workstation

        5.1 Package Location

        ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2002-044.0/=
RPMS

        5.2 Packages

        bfb9e544055e16500098a9fd1c058a7c        pxe-0.1-33.i386.rpm

        5.3 Installation

        rpm -Fvh pxe-0.1-33.i386.rpm

        5.4 Source Package Location

        ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2002-044.0/=
SRPMS

        5.5 Source Packages

        1e6e6cdb4485ad55d7618ae59bb34f5a        pxe-0.1-33.src.rpm


6. OpenLinux 3.1 Server

        6.1 Package Location

        ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2002-044.0/RPMS

        6.2 Packages

        84544318a2f9cf2f439aecf928ae3a64        pxe-0.1-33.i386.rpm

        6.3 Installation

        rpm -Fvh pxe-0.1-33.i386.rpm

        6.4 Source Package Location

        ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2002-044.0/SRPMS

        6.5 Source Packages

        b740f40b65ec56bbfa8c59439487f7a3        pxe-0.1-33.src.rpm


7. OpenLinux 3.1 Workstation

        7.1 Package Location

        ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2002-044.0/RP=
MS

        7.2 Packages

        0dffc10145ab632ed3190429d445cfdf        pxe-0.1-33.i386.rpm

        7.3 Installation

        rpm -Fvh pxe-0.1-33.i386.rpm

        7.4 Source Package Location

        ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2002-044.0/SR=
PMS

        7.5 Source Packages

        e7f92ace6e801f23251fd00a1a76dd98        pxe-0.1-33.src.rpm


8. References

        Specific references for this advisory:
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCAN-2002-0835
                http://www.redhat.com/support/errata/RHSA-2002-162.html

        SCO security resources:
                http://www.sco.com/support/security/index.html

        This security fix closes SCO incidents sr867513, fz525783,
        erg501646.


9. Disclaimer

        SCO is not responsible for the misuse of any of the information
        we provide on this website and/or through our security
        advisories. Our advisories are a service to our customers intended
        to promote secure installation and use of SCO products.

_________________________________________________________________________=
___