COMMAND

    Services for Unix

SYSTEMS AFFECTED

    Services for Unix 2.0 Telnet and NFS Services

PROBLEM

    Following  is  based  on  a  Microsoft Security Bulletin MS01-039.
    Among the components provided by  Services for Unix (SFU) 2.0  are
    services that implement the  NFS (Network File System)  and Telnet
    protocols.   Both  services  contain  memory  leaks  that could be
    triggered by  a user  request.   An attacker  who repeatedly  sent
    such a request  could deplete the  kernel memory on  the server to
    the  point  where   performance  slowed  and   the  system   could
    potentially fail.

    Only the  implementations provided  in SFU  2.0 are  affected.  In
    particular, the Telnet services provided in Windows NT(r) 4.0  and
    Windows(r) 2000 are not affected by the vulnerability.

    There  is  no  capability  via  the  vulnerability  to  usurp  any
    administrative control over the  server or compromise any  data on
    it.

    Credit for finding this goes to Peter Grundl.

SOLUTION

    A patch is available to  fix this vulnerability.  Please  read the
    Security Bulletin

        http://www.microsoft.com/technet/security/bulletin/ms01-039.asp

    for information on obtaining this patch.