<<< Date Index >>>     <<< Thread Index >>>

[NILESA-20050701] UnixWare 7.x RPC portmapper Dos Vulnerability



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

================================================================================
                        NileSOFT Security Advisory
- 
--------------------------------------------------------------------------------
ID      : NILESA-20050701
Title   : rpcbind Invalid portmap Request Causes Denial of Service
Vendor  : SCO
URL     : www.sco.com
Product : UnixWare 7.x (and maybe other versions)
Severity: Moderate
Local   : Possible
Remote  : Possible
Date    : 2005.07.25
CVE ID  : CAN-2005-2132
Author  : Yun Jonglim / NileSOFT (www.nilesoft.co.kr)
================================================================================

1. Summary

When the UnixWare 7.x version of the RPC portmapper(rpcbind) receives an invalid
portmap request from a remote (or local) host, it falls into a denial of service
state and cannot respond.

2. Vulnerability Description

When the UnixWare 7.x version of the RPC portmapper(rpcbind) receives a number 
of
invalid portmap requests, it falls into a denial of service state and does not
respond to normal RPC portmap requests.
rpcbind maps each RPC service to the corresponding port for remote(or local) RPC
service requests. Therefore, when rpcbind falls into a denial of service state,
the port mapping does not operate normally and will cause most RPC services to 
be
unusable.

3. Impact

The RPC services will not operate normally.

4. Remedy

SCO will be releasing the advisory and fix: SCOSA-2005.31.
http://www.sco.com/support/security/index.html
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.31

5. Disclosure Dates

2005/05/15 First discovered and analyzed
2005/06/01 Vender notified and initial response
2005/07/19 Vender Confirmed and patch prepared
2005/07/25 Advisory released

6. CVE Information

The Common Vulnerabilities and Exposures (CVE) project has assigned the
names CAN-2005-2132 to these issues. This is a candidate for inclusion
in the CVE list (http://cve.mitre.org), which standardizes names for
security problems.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (MingW32) - GPGshell v3.30

iQEVAwUBQubU3oFNV2ryoBXjAQIPBAf/apd71pVJN6tf3MRefWZgbBCrKIhMfEAr
fjn+9t8dcjg0v4PT5U2KBu6VeKS6h/Q1tuz9cfHxs4fSDrldgcSCjYqsnU6PrVDq
6VjwJgSzJ5KCam/5Lt4ORQWVW0kKrO6eQyEWC/wEBHfYimY7XaZrFmYVAL/k+wcG
AsPYvkBv2zaPdHLYPQJJkkGnxHiE04MWUgQbVP5iv1WfO1W9QpIiM1AHeeaP4Fy5
+mM58OgpGKCKZZs15869xHOOM4j1BN4non1AqpRrqq8GYWeXIkdkHRzeDayyxn0L
tb+1PVcX4m4gNvfMJHrx04RiAq02dTyJSZzHv2mIC66mKY4h4L/MUQ==
=wRT6
-----END PGP SIGNATURE-----