Info

Disclosure

Mar 12, 2001

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

timed contains a flaw that may allow a remote denial of service. The issue is triggered when sending malformed packets, which causes the daemon to crash, and will result in loss of availability for the service.

Classification

Location: Remote/Network Access Required
Attack Type: Denial of Service
Impact: Loss of Availability
Exploit: Exploit Unknown
Disclosure: OSVDB Verified

Solution

Contact your vendor for an appropriate upgrade. An upgrade is required as there are no known workarounds.

Products

Novell, Inc.	SUSE LINUX	7.1
		7.0
		6.4
		6.3
		6.2
		6.1

Silicon Graphics, Inc.	IRIX	6.5.15
		6.5.14
		6.5.13
		6.5.12
		6.5.11
		6.5.10
		6.5.9
		6.5.8
		6.5.7
		6.5.6
		6.5.5
		6.5.4
		6.5.3
		6.5.2
		6.5.1
		6.5

MandrakeSoft	Mandrakelinux	7.2
		7.1
		7.0
		6.1
		6.0
	Corporate Server	1.0.1

Santa Cruz Operation, Inc.	OpenServer	5.0.6
		5.0.5

FreeBSD Project	FreeBSD	3.5
		4.2
		4.1.1
		4.1
		4.0
		3.4
		3.3
		3.2
		3.1
		3.0

References

CVE ID: 2001-0388 (see also: NVD)
Bugtraq ID: 2491
ISS X-Force ID: 6228
Vendor Specific Advisory URL: ftp://ftp.caldera.com/pub/updates/OpenServer/CSSA-2002-SCO.33/CSSA-2002-SCO.33.tx ...... ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:28.timed.asc ftp://patches.sgi.com/support/free/security/advisories/20020401-02-P http://archives.neohapsis.com/archives/bugtraq/2001-03/0310.html
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2001:034
CIAC Advisory: m-067

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/36218

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Novell, Inc.

SUSE LINUX

Silicon Graphics, Inc.

IRIX

MandrakeSoft

Mandrakelinux

Corporate Server

Santa Cruz Operation, Inc.

OpenServer

FreeBSD Project

FreeBSD

References

Credit