Caldera IDENT daemon Denial of Service Vulnerability

Bugtraq ID:	1266
Class:	Boundary Condition Error
CVE:
Remote:	Yes
Local:	Yes
Published:	Oct 08 1999 12:00AM
Updated:	Oct 08 1999 12:00AM
Credit:	<unknown>
Vulnerable:	Caldera OpenLinux 2.3
Not Vulnerable:

Caldera IDENT daemon Denial of Service Vulnerability

As part of the default installation, a server for the IDENT protocol is installed. This service is used e.g. by several FTP and mail servers to find out the name of the user establishing a connection.

The ident daemon will erroneously create several new threads for every incoming request. This can be abused to mount a denial of service attack on the target host.

Caldera IDENT daemon Denial of Service Vulnerability

Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].

Caldera IDENT daemon Denial of Service Vulnerability

Solution:
The proper solution is to upgrade to the latest packages.


Caldera OpenLinux 2.3

• Caldera pidentd-3.0.7-2.i386.rpm
  ftp://ftp.calderasystems.com/pub/OpenLinux/updates/2.3/current/RPMS/pi dentd-3.0.7-2.i386.rpm

Caldera IDENT daemon Denial of Service Vulnerability

References: