|
COMMAND in.timed SYSTEMS AFFECTED All? PROBLEM In caldera advisory [CSSA-2001-SCO.39] The timed program does not enforce null-termination of strings in certain situations. It is possible that this could be used by a malicious user to perform a remote denial-of-service attack. SOLUTION If the in.timed service is not needed, it may be disabled. Caldera has released a patch : ftp://stage.caldera.com/pub/security/openunix/CSSA-2001-SCO.39/