-------------------------------------------------------------------------
System Security Enhancement (SSE) 010 - 24th February 1998
Problem:
Many denial of service attacks against Internet-connected sites
have been reported recently - exploit programs are widely
available. SCO systems targeted by some of these attacks
("land" and "winnuke") may crash or hang.
The enclosed patch should be applied as soon as possible.
Patch:
A replacement TCP driver is supplied for each of the following
SCO operating systems:
- SCO Open Desktop/Open Server Release 3.0
- SCO CMW+ 3.0
- SCO OpenServer Release 5.0
- SCO UnixWare 2.1
Note that if SLS OSS468 (for OpenServer 5.0.0 and 5.0.2) or
SLS OSS469 (for OpenServer 5.0.4) has been installed, this
patch should NOT be installed - OSS468 and OSS469 include
this fix, and installing this patch after OSS468 or OSS469
will nullify other fixes contained in the SLS.
At the time of writing, OSS468 and OSS469 are not yet
available, so this patch should be installed in the meantime -
OSS468 and OSS469 can still be safely installed after this
patch.
Prerequisites:
All updates listed in this section are available for
download from the SCO ftp site: ftp.sco.com .
On OpenServer 5.0.0, the following updates MUST be installed
prior to this patch:
- RS500D (Release Supplement)
- NET100 (Networking Supplement)
- OSS449F (Network Maintenance Supplement)
On OpenServer 5.0.2, the following updates MUST be installed
prior to this patch:
- OSS449F (Network Maintenance Supplement)
On OpenServer 5.0.4, the following updates MUST be installed
prior to this patch:
- RS504C (Release Supplement)
On UnixWare 2.1.0, the following updates MUST be installed
prior to this patch:
- UPD211 (SCO UnixWare 2.1.1 Update)
- PTF3280L (Network Maintenance Supplement)
On UnixWare 2.1.1 and 2.1.2, the following updates MUST be
installed prior to this patch:
- PTF3280L (Network Maintenance Supplement)
Installation:
Perform the following steps logged in as root:
1. Create a temporary directory, and copy SSE010 into it:
# mkdir /tmp/sse010
# cp sse010.tar.Z /tmp/sse010
2. uncompress the tar file:
# cd /tmp/sse010
# uncompress sse010.tar.Z
3. extract the files from the tar file:
# tar xvf sse010.tar
4. Replace your existing TCP driver with the updated driver,
and relink the kernel:
- For SCO Open Desktop/Open Server 3.0:
# cd /etc/conf/pack.d/tcp
# mv Driver.o Driver.o.old (saves existing driver)
# mv /tmp/sse010/Driver.o.odt3 Driver.o
# /etc/conf/cf.d/link_unix
Reply 'y' to the prompts for the new kernel to boot
by default, and to rebuild the kernel environment.
- For SCO CMW+ 3.0:
# cd /etc/conf/pack.d/tcp
# mv Driver.o Driver.o.old (saves existing driver)
# mv /tmp/sse010/Driver.o.cmw3 Driver.o
# /etc/conf/cf.d/link_unix
Reply 'y' to the prompts for the new kernel to boot
by default, and to rebuild the kernel environment.
- For SCO OpenServer 5.0:
# cd /usr/lib/tcprt/ID/tcp
# mv Driver.o Driver.o.old (saves existing driver)
# mv /tmp/sse010/Driver.o.osr5 Driver.o
# cp Driver.o /etc/conf/pack.d/tcp (important!)
# /etc/conf/cf.d/link_unix
Reply 'y' to the prompts for the new kernel to boot
by default, and to rebuild the kernel environment.
(Note that for OpenServer 5.0, installation of the new
driver will cause "custom" to display an error in future
when the "Verify" command is chosen - be sure not to
specify that this error be fixed, as it will cause the
new driver to be overwritten by the old one.)
- For SCO UnixWare 2.1:
# cd /etc/conf/pack.d/tcp
# mv Driver_atup.o Driver_atup.o.old
# mv Driver_mp.o Driver_mp.o.old (saves existing drivers)
# mv /tmp/sse010/Driver_atup.o .
# mv /tmp/sse010/Driver_mp.o .
# /etc/conf/idbuild -B
5. Shut down and reboot your system. (On UnixWare 2.1, be sure
to use the "shutdown" command, as it is this which installs
the relinked kernel.)
Disclaimer:
SCO believes that this patch addresses the reported vulnerability.
However, in order that it be released as soon as possible, this patch has
not been fully tested or packaged to SCO's normal exacting standards. For
that reason, this patch is not officially supported. Official supported
and packaged fixes for current SCO products will be available in due
course.
-------------------------------------------------------------------------
-- Ernesto Baschny Stuttgart - Germany ernst@studbox.uni-stuttgart.de Uni-Stuttgart, Informatik ernst@pem.com PEM GmbH - SCO Premier Partner