"

Recent SCO/Linux News


Index
Recent SCO Security Info
Recent SCO TA's
There is a LOT more here: try Searching this site


From: security@caldera.com
Subject: Security Update: [CSSA-2002-SCO.25] OpenServer 5.0.5 OpenServer 5.0.6 : snmpd denial-of-service vulnerabilities.
Date: Mon, 10 Jun 2002 23:50:01 GMT


Hate these ads?




--ftEhullJWpWg/VHq
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline









To: bugtraq@securityfocus.com announce@lists.caldera.com scoannmod@xenitec.on.ca



______________________________________________________________________________



                Caldera International, Inc.  Security Advisory



Subject:                OpenServer 5.0.5 OpenServer 5.0.6 : snmpd denial-of-service vulnerabilities.
Advisory number:        CSSA-2002-SCO.25
Issue date:             2002 June 10
Cross reference:
______________________________________________________________________________




1. Problem Description



        The University of Oulu (Finland) wrote approximately 53000
        tests for snmpd error conditions. For OpenServer, many of
        the tests caused the snmp daemon to grow in size. This could
        lead to denial-of-service attacks.




2. Vulnerable Supported Versions



        System                          Binaries
        ----------------------------------------------------------------------
        OpenServer 5.0.5                /usr/lib/libsnmp.so.1.Z
        OpenServer 5.0.6                /usr/lib/libsnmp.so.1.Z




3. Solution



        The proper solution is to install the latest packages.




4. OpenServer 5.0.5



        4.1 Location of Fixed Binaries



        ftp://ftp.caldera.com/pub/updates/OpenServer/CSSA-2002-SCO.25




        4.2 Verification



        MD5 (VOL.000.000) = 5cd988029bb6da765d2e4040759dbd33



        md5 is available for download from
                ftp://ftp.caldera.com/pub/security/tools




        4.3 Installing Fixed Binaries



        Upgrade the affected binaries with the following commands:



        1) Download the VOL* file to the /tmp directory



        Run the custom command, specify an install from media images,
        and specify the /tmp directory as the location of the images.




5. OpenServer 5.0.6



        5.1 Location of Fixed Binaries



        ftp://ftp.caldera.com/pub/updates/OpenServer/CSSA-2002-SCO.25




        5.2 Verification



        MD5 (VOL.000.000) = 5cd988029bb6da765d2e4040759dbd33



        md5 is available for download from
                ftp://ftp.caldera.com/pub/security/tools




        5.3 Installing Fixed Binaries



        Upgrade the affected binaries with the following commands:



        1) Download the VOL* file to the /tmp directory



        Run the custom command, specify an install from media images,
        and specify the /tmp directory as the location of the images.




6. References



        Specific references for this advisory:
                http://www.cert.org/advisories/CA-2002-03.html



        Caldera security resources:
                http://www.caldera.com/support/security/index.html



        This security fix closes Caldera incidents sr858202,SCO-559-1345
        and erg711930.




7. Disclaimer



        Caldera International, Inc. is not responsible for the
        misuse of any of the information we provide on this website
        and/or through our security advisories. Our advisories are
        a service to our customers intended to promote secure
        installation and use of Caldera products.




8. Acknowledgements



        This vulnerability was discovered and researched by the
        University of Oulu (oulu.fi).



______________________________________________________________________________



--ftEhullJWpWg/VHq
Content-Type: application/pgp-signature
Content-Disposition: inline



-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (SCO_SV)
Comment: For info see http://www.gnupg.org



iEYEARECAAYFAj0FOykACgkQaqoBO7ipriH0rwCfc0B5F5D8t6oQntx/Cr0KoAjg
h80AnAhLSnjr/iuTlY2YIBbBXg9xyLBk
=W6C6
-----END PGP SIGNATURE-----



--ftEhullJWpWg/VHq--



Index





Comments


Add your comments

Enter your email address for automatic notification of new posts here
(be sure to whitelist 'feedburner.com' if you use spam filtering)

Or use any RSS reader

Delivered by FeedBurner




Have you tried Searching this site?

Unix/Linux/Mac OS X support by phone, email or on-site: Support Rates

This is a Unix/Linux resource website. It contains technical articles about Unix, Linux and general computing related subjects, opinion, news, help files, how-to's, tutorials and more. We appreciate comments and article submissions.

Publishing your articles here

More:




Unix/Linux Consultants


UBB Computer Services Support for Openserver, Unixware and Linux. Windows integration with Unix/Linux servers. Hardware, Backup and Networking issues. Located near Sacramento CA, we provide onsite support throughout Northern CA and Nationwide via remote access. We are a SCO Authorized Partner and a Microlite BackupEdge Certified Reseller.


http://echo3.net/ Unix/Linux Custom Applications, Web Hosting, C/C++ Programming Courses


http://www.schewanick.com SCO Unix, Solaris, Linx (various), PHP, MySQL, Apache, uniBasic, dL4, Perl, System Administration and more....


Twitter
  • Dec 3 14:01
    Just went out and added more bungee reinforcement. That ought to hold it..
  • Dec 3 13:58
    I'm second guessing myself on how I bungeed the cover on my golf cart for winter storage. Wondering if high wind could rip it off..




card_image







Change Congress