===========================================================================
SCO Security Bulletin 99.07
June 18th, 1999
Fix to an Xserver related Denial of Service attack
---------------------------------------------------------------------------

I.   Description

A Denial of Service attack launched from xserver has been discovered. This 
patch fixes this problem,


II.  Impact

The Denial of Service attack could be used to make reserved port numbers < 1024
unavailable.
        
III. Releases

This problem exists on the following releases of SCO operating systems:

	- SCO OpenServer 5.05 and earlier releases (also Internet FastStart)
	- SCO UnixWare 2.1.x 
	- SCO Open Desktop / OpenServer 3
	
IV.  Solution

SCO is providing an interim patch to address this issue in the form of a
System Security Enhancement (SSE) package.

SSE024b contains a replacement binary for SCO OpenServer 5.05 and earlier 
releases, SCO UnixWare 7.0.1 and earlier releases, SCO UnixWare 2.1.x, SCO Open 
Desktop / OpenServer 3 and earlier releases and is available for Internet 
download via anonymous ftp, and from the SCOFORUM on Compuserve.

You can download the SSE package as follows:

Anonymous ftp (World Wide Web URL):

    ftp://ftp.sco.COM/SSE/sse024b.ltr    (cover letter, ASCII text)
    ftp://ftp.sco.COM/SSE/sse024b.tar.Z  (new binaries, compressed tar file)

Compuserve:

    GO SCOFORUM, and search Library 11 (SLS/SSE Files) for these filenames:

	SSE024.LTR	(cover letter, ASCII text)
	SSE024.TAZ	(new binaries, compressed tar file)

Checksums (sum -r):

	48156     5 sse024b.ltr
	54200  4541 sse024b.tar.Z

V.   Updates

This bulletin is available for anonymous ftp download from 
ftp://ftp.sco.COM/SSE/security_bulletins/SB-99.07b, and will be
updated as new information becomes available.

The latest information on security vulnerabilities and fixes from
SCO is available on the world-wide web at http://www.sco.com/security/

VI.  Further Information:

If you have further questions, contact your support provider.  If you
need to contact SCO, please send electronic mail to support@sco.COM, or
contact SCO as follows. 

    USA/Canada: 6am-5pm Pacific Time (PST/PDT)
    -----------
    1-800-347-4381  (voice)
    1-408-427-5443  (fax)

    Pacific Rim, Asia, and Latin American customers: 6am-5pm Pacific
    ------------------------------------------------ Time (PST/PDT)
    1-408-425-4726  (voice)
    1-408-427-5443  (fax)

    Europe, Middle East, Africa: 9am-5:30pm UK Time (GMT/BST)
    ----------------------------
    +44 (0)1923 816344 (voice)
    +44 (0)1923 817781 (fax)