MultiVendor DCE Unspecified DoS

2003-08-11T10:23:24
ID OSVDB:2385
Type osvdb
Reporter OSVDB
Modified 2003-08-11T10:23:24

Description

Vulnerability Description

Distributed Computing Environment (DCE) contains a flaw that may allow a remote denial of service. The issue is triggered when invalid traffic is received by the DCE daemon occurs, and will result in loss of availability for the service.

Technical Description

SOFTWARE: Entegrity DCE/DFS for Linux 1.x Entegrity DCE/DFS for Tru64 4.x Entegrity PC-DCE 4.x Entegrity PC-DCE 5.x IBM DCE for AIX 3.x IBM DCE for Solaris 3.x IBM DCE for Windows 3.x OpenGroup DCE 1.x

HP Official Patches: HP-UX B.11.00 HP-UX B.11.11 OVOPC-CLT.OVOPC-SOL-CLT,fr=A.07.10: PHSS_29645

HP-UX B.11.00 OVOPC-CLT.OVOPC-SOL-CLT,fr=A.06.00: PHSS_29646

HP-UX B.11.00 HP-UX B.11.11 OVOPC-CLT.OVOPC-LIN-CLT,fr=A.07.10: PHSS_29626

HP-UX B.11.00 OVOPC-CLT-ENG.OVOPC-LIN-CLT,fr=A.06.00: PHSS_29644

SGI Official Patches:

SGI Patch patch5313 SGI Patch patch5314

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, HP and SGI have released patches to address this vulnerability. At this time, there is no patch from Cray.

Short Description

Distributed Computing Environment (DCE) contains a flaw that may allow a remote denial of service. The issue is triggered when invalid traffic is received by the DCE daemon occurs, and will result in loss of availability for the service.

Manual Testing Notes

This DoS can be caused by traffic generated by the "Blaster" worm.

References:

Vendor Specific Solution URL: ftp://patches.sgi.com/support/free/security/advisories/20030902-01-P Vendor Specific Solution URL: ftp://ovweb.external.hp.com/pub/cpe/ito/DCE Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Secunia Advisory ID:9538 Secunia Advisory ID:9482 Secunia Advisory ID:9861 Related OSVDB ID: 2834 Other Advisory URL: http://archives.neohapsis.com/archives/hp/2003-q3/0042.html Microsoft Security Bulletin: MS03-026 CVE-2003-0746 CERT VU: 568148 CERT VU: 377804 CERT: CA-2003-16 Bugtraq ID: 8371