SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   Timed Vendors:   Caldera/SCO
(Caldera Issues Fix for OpenServer) Null Termination Error in Time Daemon (timed) for Open UNIX and UnixWare Allows Remote Denial of Service Attacks
SecurityTracker Alert ID:  1004782
SecurityTracker URL:  http://securitytracker.com/id/1004782
CVE Reference:   CVE-2001-0388   (Links to External Site)
Date:  Jul 16 2002
Impact:   Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  

Description:   Caldera reported a denial of service vulnerability in the timed time daemon for Open UNIX and UnixWare.

It is reported that the timed program does not enforce null-termination of strings in certain situations. A remote user could conduct a denial of service attack against the service.

The affected file is /usr/sbin/in.timed.

No further details were provided.

Impact:   A remote user could conduct a denial of service attack against the service.
Solution:   Caldera has released a fix for SCO OpenServer.

For OpenServer 5.0.5:

Location of Fixed Binaries

ftp://ftp.caldera.com/pub/updates/OpenServer/CSSA-2002-SCO.33


Verification

MD5 (VOL.000.000) = 8f818406b55b806e10b05c3647517265

md5 is available for download from
ftp://ftp.caldera.com/pub/security/tools


Installing Fixed Binaries

Upgrade the affected binaries with the following commands:

1) Download the VOL* files to the /tmp directory

Run the custom command, specify an install from media images, and specify the /tmp directory as the location of the images.


For OpenServer 5.0.6:

Location of Fixed Binaries

ftp://ftp.caldera.com/pub/updates/OpenServer/CSSA-2002-SCO.33


Verification

MD5 (VOL.000.000) = 8f818406b55b806e10b05c3647517265

md5 is available for download from
ftp://ftp.caldera.com/pub/security/tools


Installing Fixed Binaries

Upgrade the affected binaries with the following commands:

1) Download the VOL* files to the /tmp directory

Run the custom command, specify an install from media images, and specify the /tmp directory as the location of the images.

Vendor URL:  www.caldera.com/support/security/index.html (Links to External Site)
Cause:   Boundary error, Input validation error
Underlying OS:  UNIX (Open UNIX-SCO)
Underlying OS Comments:  SCO OpenServer 5.0.5, 5.0.6

Message History:   This archive entry is a follow-up to the message listed below.
Dec 11 2001 Null Termination Error in Time Daemon (timed) for Open UNIX and UnixWare Allows Remote Denial of Service Attacks



 Source Message Contents

Subject:  Security Update: [CSSA-2002-SCO.33] OpenServer 5.0.5 OpenServer 5.0.6 : timed does not enforce nulls


--45Z9DzgjV8m4Oswq
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

To: bugtraq@securityfocus.com announce@lists.caldera.com scoannmod@xenitec.on.ca

______________________________________________________________________________

		Caldera International, Inc.  Security Advisory

Subject:		OpenServer 5.0.5 OpenServer 5.0.6 : timed does not enforce nulls
Advisory number: 	CSSA-2002-SCO.33
Issue date: 		2002 July 15
Cross reference:
______________________________________________________________________________


1. Problem Description

	The timed program does not enforce null-termination of
	strings in certain situations. It is possible that this
	could be used by a malicious user to perform a remote
	denial-of-service attack.


2. Vulnerable Supported Versions

	System				Binaries
	----------------------------------------------------------------------
	OpenServer 5.0.5		/etc/timed
	OpenServer 5.0.6		/etc/timed


3. Solution

	The proper solution is to install the latest packages.


4. OpenServer 5.0.5

	4.1 Location of Fixed Binaries

	ftp://ftp.caldera.com/pub/updates/OpenServer/CSSA-2002-SCO.33


	4.2 Verification

	MD5 (VOL.000.000) = 8f818406b55b806e10b05c3647517265

	md5 is available for download from
		ftp://ftp.caldera.com/pub/security/tools


	4.3 Installing Fixed Binaries

		Upgrade the affected binaries with the following commands:

	1) Download the VOL* files to the /tmp directory

	Run the custom command, specify an install from media images,
	and specify the /tmp directory as the location of the images.


5. OpenServer 5.0.6

	5.1 Location of Fixed Binaries

	ftp://ftp.caldera.com/pub/updates/OpenServer/CSSA-2002-SCO.33


	5.2 Verification

	MD5 (VOL.000.000) = 8f818406b55b806e10b05c3647517265

	md5 is available for download from
		ftp://ftp.caldera.com/pub/security/tools


	5.3 Installing Fixed Binaries

		Upgrade the affected binaries with the following commands:

	1) Download the VOL* files to the /tmp directory

	Run the custom command, specify an install from media images,
	and specify the /tmp directory as the location of the images.


6. References

	Specific references for this advisory:
		http://xforce.iss.net/static/6228.php
		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0388

	Caldera security resources:
		http://www.caldera.com/support/security/index.html

	This security fix closes Caldera incidents sr855195,
	SCO-559-1321, erg711889.


7. Disclaimer

	Caldera International, Inc. is not responsible for the
	misuse of any of the information we provide on this website
	and/or through our security advisories. Our advisories are
	a service to our customers intended to promote secure
	installation and use of Caldera products.


8. Acknowledgements

	This vulnerability was discovered and researched by David
	A. Holland <dholland@www.linux.org.uk>.

______________________________________________________________________________

--45Z9DzgjV8m4Oswq
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (SCO_SV)
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAj0zYy8ACgkQaqoBO7ipriGbjgCgjdMr8gIZIDgV5HbCrM7ANOMY
4ksAn2+J233zPr23rl3N75IoZDwvYLqu
=qxrB
-----END PGP SIGNATURE-----

--45Z9DzgjV8m4Oswq--

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2020, SecurityGlobal.net LLC