TCP Denial of Service Vulnerability(SCOSA-2005.64)

Original Release Date: January 30, 2006
Last Revised: February 7, 2006
Number: ASA-2006-032
Risk Level: None
Advisory Version: 2.0
Advisory Status: Final

1. Overview:

SCO has issued a security advisory regarding a UnixWare with TCP timestamps running Protection Against Wrapped Sequence Numbers (PAWS).

A vulnerability has been found in TCP timestamps with PAWS which could allow an attacker to propagate a potential denial-of-service against an affected system. Previously, this issue was thought to affect Avaya products, upon further investigation, it was found that this issue does not affect Avaya products shipping on UnixWare. No Avaya systems products ship with SCO TCP with timestamps using PAWS configured, and are therefore not vulnerable.

The Common Vulnerabilities and Exposures project ( has assigned the name CVE-2005-0356 to this issue.

2. Avaya System Products running SCO TCP timestamps with PAWS:

Product: Affected Version(s): Risk Level: Actions:
Intuity Audix All None The installed version of TCP does not have timestamps with PAWS configured.

3. Additional Information:

This issue has previously been reported by Avaya for other OS platforms in ASA-2005-148, which can be viewed at: