Category:   Application (Generic)  >   Timed
Vendors:   Caldera/SCO
Null Termination Error in Time Daemon (timed) for Open UNIX and UnixWare Allows Remote Denial of Service Attacks
SecurityTracker Alert ID:  1002938
SecurityTracker URL:  http://securitytracker.com/id/1002938
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Dec 11 2001
Impact:   Denial of service via network
Fix Available:  Yes
Vendor Confirmed:  Yes

Description:   Caldera reported a denial of service vulnerability in the timed time daemon for Open UNIX and UnixWare.

It is reported that the timed program does not enforce null-termination of strings in certain situations. A remote user could conduct a denial of service attack against the service.

The affected file is /usr/sbin/in.timed.

No further details were provided.

Impact:   A remote user could conduct a denial of service attack against the service.
Solution:   The vendor has released a fix:

ftp://stage.caldera.com/pub/security/openunix/CSSA-2001-SCO.39/

The verification checksum is:

87c68b618f4317dd92460aaa49e6a522 erg711890.Z

Upgrade the affected binaries with the following commands:

# uncompress /tmp/erg711890.Z
# pkgadd -d /tmp/erg711890

Vendor URL:  stage.caldera.com/support/security/
Cause:   Boundary error, Input validation error
Underlying OS:  UNIX (Open UNIX-SCO)
Underlying OS Comments:  UnixWare 7; Open UNIX 8.0.0

Message History:   This archive entry has one or more follow-up message(s) listed below.
(SGI Issues Fix) Null Termination Error in Time Daemon (timed) Allows Remote Denial of Service Attacks
The vendor has released a fix.
(Caldera Issues Fix for OpenServer) Null Termination Error in Time Daemon (timed) for Open UNIX and UnixWare Allows Remote Denial of Service Attacks
Caldera has released a fix for OpenServer.



Source Message Contents

Subject:  Security Update: [CSSA-2001-SCO.39] Open UNIX, UnixWare 7: timed does not enforce nulls



To: bugtraq@securityfocus.com announce@lists.caldera.com scoannmod@xenitec.on.ca

___________________________________________________________________________

	    Caldera International, Inc. Security Advisory

Subject:		Open UNIX, UnixWare 7: timed does not enforce nulls
Advisory number: 	CSSA-2001-SCO.39
Issue date: 		2001 December 10
Cross reference:
___________________________________________________________________________


1. Problem Description
	
	The timed program does not enforce null-termination of strings
	in certain situations. It is possible that this could be used
	by a malicious user to perform a remote denial-of-service
	attack.
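The defect described in the summary above and in this problem description is a fixed-width, sender-controlled string field that is consumed without confirming it carries a terminating NUL. The following added C example (not code from the advisory or from the timed sources; the packet layout, field size and function names are hypothetical) shows a bounded check that reports whether such a field is terminated, a consumer that rejects unterminated or oversized names before copying, and the alternative of forcing a terminator in place.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical wire layout, constructed for this example (not the real
 * in.timed packet format): a fixed-width host-name field filled by the
 * remote sender, which need not contain a terminating NUL. */
#define NAME_LEN 16

struct name_msg {
    unsigned char type;
    char name[NAME_LEN];
};

/* Bounded length check: returns the name length if a NUL lies inside the
 * field, or -1 if the field is unterminated. memchr() stops at NAME_LEN,
 * whereas strlen() on an unterminated field would read past the packet. */
int name_field_len(const struct name_msg *m)
{
    const char *nul = memchr(m->name, '\0', NAME_LEN);
    return nul ? (int)(nul - m->name) : -1;
}

/* Hardened consumer: copies the name into a buffer that is always
 * NUL-terminated. Returns 0 on success, -1 if the message is rejected. */
int copy_name_checked(const struct name_msg *m, char *out, size_t outsz)
{
    int len = name_field_len(m);
    if (len < 0 || outsz == 0 || (size_t)len >= outsz)
        return -1;                 /* unterminated or too long: drop it */
    memcpy(out, m->name, (size_t)len);
    out[len] = '\0';
    return 0;
}

/* Alternative policy: force a terminator in place (truncating at most one
 * byte) so later string functions stay inside the field. */
void force_nul(struct name_msg *m)
{
    m->name[NAME_LEN - 1] = '\0';
}

/* Constructed sample: a packet whose name field is entirely non-NUL. */
void make_unterminated(struct name_msg *m)
{
    m->type = 2;
    memset(m->name, 'A', NAME_LEN);
}
```

Either policy keeps every subsequent string operation inside the field; the advisory does not say which one the vendor fix applies.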


2. Vulnerable Versions

	Operating System	Version		Affected Files
	------------------------------------------------------------------
	UnixWare 7		All		/usr/sbin/in.timed
	Open UNIX		8.0.0		/usr/sbin/in.timed


3. Workaround

	If the in.timed service is not needed, it may be disabled.


4. UnixWare 7, Open UNIX 8

  4.1 Location of Fixed Binaries

	ftp://stage.caldera.com/pub/security/openunix/CSSA-2001-SCO.39/


  4.2 Verification

	md5 checksums:
	
	87c68b618f4317dd92460aaa49e6a522	erg711890.Z


	md5 is available for download from

		ftp://stage.caldera.com/pub/security/tools/


  4.3 Installing Fixed Binaries

	Upgrade the affected binaries with the following commands:

	# uncompress /tmp/erg711890.Z
	# pkgadd -d /tmp/erg711890


5. References

	http://xforce.iss.net/static/6228.php
	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0388

	This and other advisories are located at
		http://stage.caldera.com/support/security

	This advisory addresses Caldera Security internal incidents
	sr855196, fz519311, erg711890.


6. Disclaimer

	Caldera International, Inc. is not responsible for the misuse
	of any of the information we provide on our website and/or
	through our security advisories. Our advisories are a service
	to our customers intended to promote secure installation and
	use of Caldera International products.


7. Acknowledgements

	This vulnerability was discovered and researched by David A.
	Holland <dholland@www.linux.org.uk>.
___________________________________________________________________________

