SkipNavigation
Home | FAQ | Contact | Privacy Policy
US-CERT
American Flag
  Vulnerability
Notes
Database

Search Vulnerability Notes

Vulnerability Notes Help Information


 
 View Notes By
  Name

ID Number

CVE Name

Date Public

Date Published

Date Updated

Severity Metric
 Other Documents
  Technical Alerts

Technical Bulletins

Alerts

Security Tips
 

Vulnerability Note VU#266817

Multiple Sun RPC-based libc implementations fails to provide time-out mechanism when reading data from TCP connections

Overview

A denial-of-service vulnerability exists in multiple vendor Sun RPC-based libc implementations.

I. Description

Multiple vendor Sun RPC-based libc implementations fail to properly read data from TCP connections. As a result, a remote attacker can deny service to system daemons.

II. Impact

A remote attacker can connect to a vulnerable service and cause the service to hang.

III. Solution

Apply a vendor patch when available.

Systems Affected
VendorStatusDate Updated
Apple Computer Inc.Vulnerable18-Nov-2002
BSDIUnknown8-Oct-2002
ConectivaUnknown7-Oct-2002
Cray Inc.Unknown30-Oct-2002
Data GeneralUnknown7-Oct-2002
DebianUnknown14-Oct-2002
EngardeUnknown8-Oct-2002
FreeBSDUnknown8-Oct-2002
FujitsuUnknown8-Oct-2002
GNU glibcVulnerable4-Nov-2002
Hewlett-Packard CompanyUnknown14-Oct-2002
IBMVulnerable15-Jan-2003
MandrakeSoftUnknown8-Oct-2002
MontaVista SoftwareUnknown7-Oct-2002
NEC CorporationUnknown7-Oct-2002
NetBSDUnknown14-Oct-2002
OpenBSDUnknown7-Oct-2002
Openwall GNU/*/LinuxUnknown8-Oct-2002
Red Hat Inc.Unknown8-Oct-2002
SequentUnknown7-Oct-2002
SGIVulnerable8-Nov-2002
Sony CorporationUnknown8-Oct-2002
Sun Microsystems Inc.Vulnerable28-Jan-2003
SuSE Inc.Unknown7-Oct-2002
The SCO Group (SCO Linux)Unknown7-Oct-2002
The SCO Group (SCO UnixWare)Unknown7-Oct-2002
UnisysUnknown14-Oct-2002
Wind River Systems Inc.Unknown7-Oct-2002
WirexUnknown14-Oct-2002

References


http://www.securityfocus.com/bid/6103

Credit

This document was written by Ian A Finlay.

Other Information

Date Public11/04/2002
Date First Published11/04/2002 02:15:27 PM
Date Last Updated04/09/2003
CERT Advisory 
CVE NameCAN-2002-1265
US-CERT Technical Alerts 
Metric10.31
Document Revision21

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

 
Page Corner Image
Copyright 2002 Carnegie Mellon University
Disclaimers and copyright information
Get Adobe Reader Get Adobe Reader