

Security Update: [CSSA-2001-SCO.39] Open UNIX, UnixWare 7: timed does not enforce nulls


Date: Mon, 10 Dec 2001 17:42:10 -0800
From: [email protected]
To: [email protected], [email protected],
Subject: Security Update: [CSSA-2001-SCO.39] Open UNIX, UnixWare 7: timed does not enforce nulls

To: [email protected] [email protected] scoannmod@xenitec.on.ca

___________________________________________________________________________

	    Caldera International, Inc. Security Advisory

Subject:		Open UNIX, UnixWare 7: timed does not enforce nulls
Advisory number: 	CSSA-2001-SCO.39
Issue date: 		2001 December 10
Cross reference:
___________________________________________________________________________


1. Problem Description
	The timed program does not enforce null-termination of strings
	in certain situations. It is possible that this could be used
	by a malicious user to perform a remote denial-of-service
	attack.


2. Vulnerable Versions

	Operating System	Version		Affected Files
	------------------------------------------------------------------
	UnixWare 7		All		/usr/sbin/in.timed
	Open UNIX		8.0.0		/usr/sbin/in.timed


3. Workaround

	If the in.timed service is not needed, it may be disabled.


4. UnixWare 7, Open UNIX 8

  4.1 Location of Fixed Binaries

	ftp://stage.caldera.com/pub/security/openunix/CSSA-2001-SCO.39/


  4.2 Verification

	md5 checksums:
	87c68b618f4317dd92460aaa49e6a522	erg711890.Z


	md5 is available for download from

		ftp://stage.caldera.com/pub/security/tools/


  4.3 Installing Fixed Binaries

	Upgrade the affected binaries with the following commands:

	# uncompress /tmp/erg711890.Z
	# pkgadd -d /tmp/erg711890


5. References

	http://xforce.iss.net/static/6228.php
	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0388

	This and other advisories are located at
		http://stage.caldera.com/support/security

	This advisory addresses Caldera Security internal incidents
	sr855196, fz519311, erg711890.


6. Disclaimer

	Caldera International, Inc. is not responsible for the misuse
	of any of the information we provide on our website and/or
	through our security advisories. Our advisories are a service
	to our customers intended to promote secure installation and
	use of Caldera International products.


7. Acknowledgements

	This vulnerability was discovered and researched by David A.
	Holland <[email protected]>.
___________________________________________________________________________
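
Added example, not part of the Caldera advisory and not the vendor's fix: the class of defect named in section 1 (a fixed-size string field taken from the network without a guaranteed NUL) and two ways a daemon can enforce termination before using the field as a C string. The struct layout, NAME_LEN and all function names are hypothetical; this is not the real timed wire format.

```c
#include <stddef.h>
#include <string.h>

#define NAME_LEN 64                 /* assumed size of the fixed name field */

/* Hypothetical message layout for illustration only. */
struct msg {
    unsigned char  type, vers;
    unsigned short seq;
    char name[NAME_LEN];            /* sender-controlled; may arrive with no NUL */
};

/* Accept a datagram only if it holds a full message and the name field
 * contains a terminator. Returns 0 on success, -1 if it must be dropped. */
int msg_validate(const void *buf, size_t n, struct msg *out)
{
    if (n < sizeof *out)
        return -1;                  /* short datagram */
    memcpy(out, buf, sizeof *out);
    if (memchr(out->name, '\0', NAME_LEN) == NULL)
        return -1;                  /* unterminated name: reject */
    return 0;
}

/* Alternative policy: truncate instead of rejecting. */
void msg_force_terminate(struct msg *m)
{
    m->name[NAME_LEN - 1] = '\0';
}

/* Constructed sample: a datagram filled with 'A', optionally given a NUL
 * inside the name field, passed through msg_validate(). */
int demo_validate(int terminated, size_t wire_len)
{
    unsigned char buf[sizeof(struct msg)];
    struct msg out;
    memset(buf, 'A', sizeof buf);
    if (terminated)
        buf[offsetof(struct msg, name) + 9] = '\0';
    return msg_validate(buf, wire_len, &out);
}

/* Constructed sample: length of an all-'A' name after forced termination. */
size_t demo_forced_len(void)
{
    struct msg m;
    memset(&m, 'A', sizeof m);
    msg_force_terminate(&m);
    return strlen(m.name);
}
```

Without one of these checks, any later strlen(), strcpy() or "%s" on the name field reads past the end of the buffer.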
