List:       pgp-keyserver-folk
Subject:    Re: Remote DoS attack in Networks Associates PGP Certificate Server
From:       "L. Sassaman" <rabbi () quickie ! net>
Date:       2000-06-15 3:11:56

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wed, 14 Jun 2000, Ussr Labs wrote:

> THE PROBLEM
> 
> The Ussr Labs team has recently discovered a null memory problem in
> the PGP Certificate Server,
> 
> The issue we found is if anyone connects to the PGP Certificate Server
> Command Port (used to manage Server operations) default (Port 4000)
> and the server is unable to resolve your IP address to a host name it
> will cause the process containing the services to crash.

Note that an identical problem exists on port 5000 if you have replication
running on that port. (The only difference is that it is the replication
service that is crashed.) 

> Fix:
> Network Associates has released a patch for this vulnerability.
> Users should contact Network Associates Technical Support at
> 1-800-722-3709
> for information.

The upgrade fixes an additional problem as well, where in rare cases an
infinite loop could occur during replication. So upgrading is probably a
good idea.

- --Len.

__

L. Sassaman

System Administrator                |  "If you chose not to decide, 
Technology Consultant               |  you still have made a choice" 
icq.. 10735603                      |  
pgp.. finger://ns.quickie.net/rabbi |                    --Rush

-----BEGIN PGP SIGNATURE-----
Comment: OpenPGP Encrypted Email Preferred.

iD8DBQE5SEmEPYrxsgmsCmoRAknZAKDyj6oE+cc6Uv6bo8FQmUYKRxldcACfX2uw
rpF3cXTeidwpQXTD2Tu/Azo=
=6H6+
-----END PGP SIGNATURE-----