OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: securitycaldera.com
Date: Thu Nov 15 2001 - 15:45:45 CST

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    To: bugtraqsecurityfocus.com announcelists.caldera.com scoannmodxenitec.on.ca

    ___________________________________________________________________________

                Caldera International, Inc. Security Advisory

    Subject: OpenServer 5.0.5: nmap port scanner can kill inetd
    Advisory number: CSSA-2001-SCO.33
    Issue date: 2001 November 15
    ___________________________________________________________________________

    1. Problem Description
            
            The "nmap" port scanner can kill inetd if invoked with the -P0
            flag.

    2. Vulnerable Versions

            Operating System Version Affected Files
            ------------------------------------------------------------------
            OpenServer 5.0.5 /etc/inetd

    3. Workaround

            This problem is fixed in the OpenServer 5.0.6 product. If an
            OpenServer 5.0.6 machine is available, the inetd binary from
            it can be used on the OpenServer 5.0.5 machine.

    4. OpenServer

      4.1 Location of Fixed Binaries

            ftp://stage.caldera.com/pub/security/openserver/CSSA-2001-SCO.33/

      4.2 Verification

            md5 checksums:

            43a9a473c59b6af8314504701f331a86 inetd.Z

            md5 is available for download from

                    ftp://stage.caldera.com/pub/security/tools/

      4.3 Installing Fixed Binaries

            Upgrade the affected binaries with the following commands:

            Download inetd.Z into the /tmp directory
            # cd /tmp
            # uncompress inetd.Z
            # mv /etc/inetd /etc/inetd-
            # chmod 0 /etc/inetd-
            # mv /tmp/inetd /etc
            # chown bin:bin /etc/inetd
            # chmod 711 /etc/inetd

    5. References

            http://lists.insecure.org/nmap-hackers/2000/Jan-Mar/0073.html

            This and other advisories are located at
                    http://stage.caldera.com/support/security

            This advisory addresses Caldera Security internal incidents
            sr853144, SCO-236-1787, and erg711859.

    6. Disclaimer

            Caldera International, Inc. is not responsible for the misuse
            of any of the information we provide on our website and/or
            through our security advisories. Our advisories are a service
            to our customers intended to promote secure installation and
            use of Caldera International products.

             
    ___________________________________________________________________________

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.0.6 (SCO_SV)
    Comment: For info see http://www.gnupg.org

    iEYEARECAAYFAjv0N4kACgkQaqoBO7ipriGpXQCgl2sxwcPIxh16mLkKVLcjuEMr
    MRUAoJ00SmXGF0K1U2V2hiM7EdC2Ss4w
    =tzEn
    -----END PGP SIGNATURE-----