SECURITYVULNS:DOC:2259
Dec 12, 2001 - 12:00 a.m.

Security Update: [CSSA-2001-SCO.39] Open UNIX, UnixWare 7: timed does not enforce nulls


To: [email protected] [email protected]
[email protected]


        Caldera International, Inc. Security Advisory

Subject: Open UNIX, UnixWare 7: timed does not enforce nulls
Advisory number: CSSA-2001-SCO.39
Issue date: 2001 December 10
Cross reference:


  1. Problem Description

     The timed program does not enforce null-termination of strings
     in certain situations. It is possible that this could be used
     by a malicious user to perform a remote denial-of-service
     attack.
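
The class of check the description refers to, as an added example that is not Caldera's code and not taken from the timed sources: a daemon that receives a fixed-width name field from the network must confirm a NUL lies inside the field before handing it to any string routine. The message layout, NAME_LEN, parse_msg and check_sample are hypothetical names chosen for illustration, and the sample datagrams are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NAME_LEN 64   /* assumed width of the fixed-size name field */

/* Hypothetical, simplified wire message: a small header followed by a
 * fixed-width host name. This is not the real timed packet layout. */
struct msg {
    uint8_t  type;
    uint8_t  version;
    uint16_t seq;
    char     name[NAME_LEN];
};

/* Copy a datagram into *out only if it is full-size and the name field holds
 * a NUL within its bounds. Returns 0 on success, -1 if it must be dropped. */
int parse_msg(const unsigned char *buf, size_t len, struct msg *out)
{
    if (len < sizeof(*out))
        return -1;                      /* short datagram: drop */
    memcpy(out, buf, sizeof(*out));
    if (memchr(out->name, '\0', sizeof(out->name)) == NULL)
        return -1;                      /* unterminated name: drop */
    return 0;                           /* name is now safe for str*() */
}

/* Constructed sample input: a buffer filled with 'A'; when terminated is
 * non-zero the name field is overwritten with "hostA" plus its NUL. */
int check_sample(int terminated, size_t len)
{
    unsigned char buf[sizeof(struct msg)];
    struct msg m;
    memset(buf, 'A', sizeof(buf));
    if (terminated)
        memcpy(buf + offsetof(struct msg, name), "hostA", 6);
    return parse_msg(buf, len, &m);
}

int main(void)
{
    printf("terminated:   %d\n", check_sample(1, sizeof(struct msg)));
    printf("unterminated: %d\n", check_sample(0, sizeof(struct msg)));
    return 0;
}
```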
    
  2. Vulnerable Versions

     Operating System        Version         Affected Files
     ------------------------------------------------------------------
     UnixWare 7              All             /usr/sbin/in.timed
     Open UNIX               8.0.0           /usr/sbin/in.timed
    
  3. Workaround

     If the in.timed service is not needed, it may be disabled.
    
  4. UnixWare 7, Open UNIX 8

4.1 Location of Fixed Binaries

    ftp://stage.caldera.com/pub/security/openunix/CSSA-2001-SCO.39/

4.2 Verification

    md5 checksums:
    
    87c68b618f4317dd92460aaa49e6a522        erg711890.Z


    md5 is available for download from

            ftp://stage.caldera.com/pub/security/tools/

4.3 Installing Fixed Binaries

    Upgrade the affected binaries with the following commands:

    # uncompress /tmp/erg711890.Z
    # pkgadd -d /tmp/erg711890

  5. References

     http://xforce.iss.net/static/6228.php
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0388
    
     This and other advisories are located at
             http://stage.caldera.com/support/security
    
     This advisory addresses Caldera Security internal incidents
     sr855196, fz519311, erg711890.
    
  6. Disclaimer

     Caldera International, Inc. is not responsible for the misuse
     of any of the information we provide on our website and/or
     through our security advisories. Our advisories are a service
     to our customers intended to promote secure installation and
     use of Caldera International products.
    
  7. Acknowledgements

     This vulnerability was discovered and researched by David A.
     Holland <[email protected]>.
    
