A denial-of-service vulnerability exists in multiple vendor implementations of the Distributed Computing Environment. This vulnerability may allow a remote attacker to cause the service to fail. Note that this vulnerability may be triggered by attackers attempting to exploit VU#568148 and VU#326746.
The Open Group describes the Distributed Computing Environment (DCE) as an "industry-standard, vendor-neutral set of distributed computing technologies." They go on to describe DCE as follows:
DCE provides a complete Distributed Computing Environment infrastructure. It provides security services to protect and control access to data, name services that make it easy to find distributed resources, and a highly scalable model for organizing widely scattered users, services, and data. DCE runs on all major computing platforms and is designed to support distributed applications in heterogeneous hardware and software environments.
A remote attacker may be able to cause the DCE service to either hang or terminate, which will effectively make it impossible for DCE clients to communicate with the DCE server.
Apply a patch.
Cray Inc. Affected
Entegrity Solutions Corp Affected
Hewlett-Packard Company Affected
Apple Computer Inc. Not Affected
F5 Networks Not Affected
Foundry Networks Inc. Not Affected
Ingrian Networks Not Affected
Juniper Networks Not Affected
Lotus Software Not Affected
Microsoft Corporation Not Affected
NetBSD Not Affected
Openwall GNU/*/Linux Not Affected
Sun Microsystems Inc. Not Affected
Cisco Systems Inc. Unknown
Computer Associates Unknown
D-Link Systems Unknown
Data General Unknown
Extreme Networks Unknown
Lucent Technologies Unknown
MontaVista Software Unknown
Multi-Tech Systems Inc. Unknown
NEC Corporation Unknown
Network Appliance Unknown
Nortel Networks Unknown
Oracle Corporation Unknown
Red Hat Inc. Unknown
Redback Networks Inc. Unknown
Riverstone Networks Unknown
Sony Corporation Unknown
SuSE Inc. Unknown
Wind River Systems Inc. Unknown
This document was written by Ian A Finlay.
|Date First Published:||2003-08-08|
|Date Last Updated:||2003-08-18 14:12 UTC|