TUCoPS :: SCO :: cs2sco25.txt

OpenServer 5.0.5/6 : snmpd denial-of-service vulnerabilities. - Caldera Advisory CSSA-2002-SCO.25

To: bugtraq@securityfocus.com announce@lists.caldera.com scoannmod@xenitec.on.ca

______________________________________________________________________________

		Caldera International, Inc.  Security Advisory

Subject:		OpenServer 5.0.5 OpenServer 5.0.6 : snmpd denial-of-service vulnerabilities.
Advisory number: 	CSSA-2002-SCO.25
Issue date: 		2002 June 10
Cross reference:
______________________________________________________________________________


1. Problem Description

	The University of Oulu (Finland) wrote approximately 53000
	tests for snmpd error conditions. For OpenServer, many of
	the tests caused the snmp daemon to grow in size. This could
	lead to denial-of-service attacks.


2. Vulnerable Supported Versions

	System				Binaries
	----------------------------------------------------------------------
	OpenServer 5.0.5 		/usr/lib/libsnmp.so.1.Z
	OpenServer 5.0.6		/usr/lib/libsnmp.so.1.Z


3. Solution

	The proper solution is to install the latest packages.


4. OpenServer 5.0.5

	4.1 Location of Fixed Binaries

	ftp://ftp.caldera.com/pub/updates/OpenServer/CSSA-2002-SCO.25


4.2 Verification

	MD5 (VOL.000.000) = 5cd988029bb6da765d2e4040759dbd33

	md5 is available for download from
		ftp://ftp.caldera.com/pub/security/tools


4.3 Installing Fixed Binaries

	Upgrade the affected binaries with the following commands:

	1) Download the VOL* file to the /tmp directory

	Run the custom command, specify an install from media images,
	and specify the /tmp directory as the location of the images.


5. OpenServer 5.0.6

	5.1 Location of Fixed Binaries

	ftp://ftp.caldera.com/pub/updates/OpenServer/CSSA-2002-SCO.25


5.2 Verification

	MD5 (VOL.000.000) = 5cd988029bb6da765d2e4040759dbd33

	md5 is available for download from
		ftp://ftp.caldera.com/pub/security/tools


5.3 Installing Fixed Binaries

	Upgrade the affected binaries with the following commands:

	1) Download the VOL* file to the /tmp directory

	Run the custom command, specify an install from media images,
	and specify the /tmp directory as the location of the images.


6. References

	Specific references for this advisory:
		http://www.cert.org/advisories/CA-2002-03.html

Caldera security resources:
		http://www.caldera.com/support/security/index.html

This security fix closes Caldera incidents sr858202,SCO-559-1345
	and erg711930.


7. Disclaimer

	Caldera International, Inc. is not responsible for the
	misuse of any of the information we provide on this website
	and/or through our security advisories. Our advisories are
	a service to our customers intended to promote secure
	installation and use of Caldera products.


8. Acknowledgements

	This vulnerability was discovered and researched by the
	University of Oulu (oulu.fi).

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH