Date: Thu, 15 Nov 2001 13:45:45 -0800
From: security@caldera.com
To: bugtraq@securityfocus.com, announce@lists.caldera.com,
Subject: Security Update: [CSSA-2001-SCO.33] OpenServer 5.0.5: nmap port scanner can kill inetd
--sm4nu43k4a2Rpi4c
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
To: bugtraq@securityfocus.com announce@lists.caldera.com scoannmod@xenitec.=
on.ca
___________________________________________________________________________
Caldera International, Inc. Security Advisory
Subject: OpenServer 5.0.5: nmap port scanner can kill inetd
Advisory number: CSSA-2001-SCO.33
Issue date: 2001 November 15
___________________________________________________________________________
1. Problem Description
=09
The "nmap" port scanner can kill inetd if invoked with the -P0
flag.=20
2. Vulnerable Versions
Operating System Version Affected Files
------------------------------------------------------------------
OpenServer 5.0.5 /etc/inetd
3. Workaround
This problem is fixed in the OpenServer 5.0.6 product. If an
OpenServer 5.0.6 machine is available, the inetd binary from
it can be used on the OpenServer 5.0.5 machine.
4. OpenServer
4.1 Location of Fixed Binaries
ftp://stage.caldera.com/pub/security/openserver/CSSA-2001-SCO.33/
4.2 Verification
md5 checksums:
43a9a473c59b6af8314504701f331a86 inetd.Z
md5 is available for download from
ftp://stage.caldera.com/pub/security/tools/
4.3 Installing Fixed Binaries
Upgrade the affected binaries with the following commands:
Download inetd.Z into the /tmp directory
# cd /tmp
# uncompress inetd.Z
# mv /etc/inetd /etc/inetd-
# chmod 0 /etc/inetd-
# mv /tmp/inetd /etc
# chown bin:bin /etc/inetd
# chmod 711 /etc/inetd
5. References
http://lists.insecure.org/nmap-hackers/2000/Jan-Mar/0073.html
This and other advisories are located at
http://stage.caldera.com/support/security
This advisory addresses Caldera Security internal incidents
sr853144, SCO-236-1787, and erg711859.
6. Disclaimer
Caldera International, Inc. is not responsible for the misuse
of any of the information we provide on our website and/or
through our security advisories. Our advisories are a service
to our customers intended to promote secure installation and
use of Caldera International products.
=20
___________________________________________________________________________
--sm4nu43k4a2Rpi4c
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (SCO_SV)
Comment: For info see http://www.gnupg.org
iEYEARECAAYFAjv0N4kACgkQaqoBO7ipriGpXQCgl2sxwcPIxh16mLkKVLcjuEMr
MRUAoJ00SmXGF0K1U2V2hiM7EdC2Ss4w
=tzEn
-----END PGP SIGNATURE-----
--sm4nu43k4a2Rpi4c--
