int(1376)

Vulnerability Bulletins


Denegación de servicio en rwhod

Vulnerability classification

Property Value
Confidence level Oficial
Impact Denegación de Servicio
Dificulty Experto
Required attacker level Acceso remoto sin cuenta a un servicio exotico

System information

Property Value
Affected manufacturer GNU/Linux
Affected software netkit-rwho

Description

Se ha descubierto una vulnerabilidad en el programa rwhod. Dicha vulnerabilidad afecta únicamente a arquitecturas "Little Endian"

La explotación de esta vulnerabilidad podría permitir a un atacante remoto provocar una situación de denegación de servicio del proceso rwhod.

Solution



Actualización de software

Debian Linux

Debian Linux 3.0
Source
http://security.debian.org/pool/updates/main/n/netkit-rwho/netkit-rwho_0.17-4woody2.dsc
http://security.debian.org/pool/updates/main/n/netkit-rwho/netkit-rwho_0.17-4woody2.diff.gz
http://security.debian.org/pool/updates/main/n/netkit-rwho/netkit-rwho_0.17.orig.tar.gz
Alpha
http://security.debian.org/pool/updates/main/n/netkit-rwho/rwho_0.17-4woody2_alpha.deb
http://security.debian.org/pool/updates/main/n/netkit-rwho/rwhod_0.17-4woody2_alpha.deb
ARM
http://security.debian.org/pool/updates/main/n/netkit-rwho/rwho_0.17-4woody2_arm.deb
http://security.debian.org/pool/updates/main/n/netkit-rwho/rwhod_0.17-4woody2_arm.deb
Intel IA-32
http://security.debian.org/pool/updates/main/n/netkit-rwho/rwho_0.17-4woody2_i386.deb
http://security.debian.org/pool/updates/main/n/netkit-rwho/rwhod_0.17-4woody2_i386.deb
Intel IA-64
http://security.debian.org/pool/updates/main/n/netkit-rwho/rwho_0.17-4woody2_ia64.deb
http://security.debian.org/pool/updates/main/n/netkit-rwho/rwhod_0.17-4woody2_ia64.deb
HP Precision
http://security.debian.org/pool/updates/main/n/netkit-rwho/rwho_0.17-4woody2_hppa.deb
http://security.debian.org/pool/updates/main/n/netkit-rwho/rwhod_0.17-4woody2_hppa.deb
Motorola 680x0
http://security.debian.org/pool/updates/main/n/netkit-rwho/rwho_0.17-4woody2_m68k.deb
http://security.debian.org/pool/updates/main/n/netkit-rwho/rwhod_0.17-4woody2_m68k.deb
Big endian MIPS
http://security.debian.org/pool/updates/main/n/netkit-rwho/rwho_0.17-4woody2_mips.deb
http://security.debian.org/pool/updates/main/n/netkit-rwho/rwhod_0.17-4woody2_mips.deb
Little endian MIPS
http://security.debian.org/pool/updates/main/n/netkit-rwho/rwho_0.17-4woody2_mipsel.deb
http://security.debian.org/pool/updates/main/n/netkit-rwho/rwhod_0.17-4woody2_mipsel.deb
PowerPC
http://security.debian.org/pool/updates/main/n/netkit-rwho/rwho_0.17-4woody2_powerpc.deb
http://security.debian.org/pool/updates/main/n/netkit-rwho/rwhod_0.17-4woody2_powerpc.deb
IBM S/390
http://security.debian.org/pool/updates/main/n/netkit-rwho/rwho_0.17-4woody2_s390.deb
http://security.debian.org/pool/updates/main/n/netkit-rwho/rwhod_0.17-4woody2_s390.deb
Sun Sparc
http://security.debian.org/pool/updates/main/n/netkit-rwho/rwho_0.17-4woody2_sparc.deb
http://security.debian.org/pool/updates/main/n/netkit-rwho/rwhod_0.17-4woody2_sparc.deb

Mandrake Linux

Mandrakelinux 10.0
x86
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/rwho-0.17-10.2.100mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/SRPMS/rwho-0.17-10.2.100mdk.src.rpm
AMD64
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/rwho-0.17-10.2.100mdk.amd64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/SRPMS/rwho-0.17-10.2.100mdk.src.rpm

Mandrakelinux 10.1
x86
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/rwho-0.17-10.2.101mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/SRPMS/rwho-0.17-10.2.101mdk.src.rpm
x86_64
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/rwho-0.17-10.2.101mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/SRPMS/rwho-0.17-10.2.101mdk.src.rpm

Corporate Server 2.1
x86
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/2.1/RPMS/rwho-0.17-10.2.C21mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/2.1/SRPMS/rwho-0.17-10.2.C21mdk.src.rpm
X86_64
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/2.1/RPMS/rwho-0.17-10.2.C21mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/2.1/SRPMS/rwho-0.17-10.2.C21mdk.src.rpm

Standar resources

Property Value
CVE CAN-2004-1180
BID

Other resources

Debian Security Advisory DSA 678-1
http://lists.debian.org/debian-security-announce/debian-security-announce-2005/msg00056.html

Mandrakesoft Security Advisories MDKSA-2005:039
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:039

Version history

Version Comments Date
1.0 Aviso emitido 2005-02-14
1.1 Aviso emitido por Mandrake (MDKSA-2005:039) 2005-02-17
Ministerio de Defensa
CNI
CCN
CCN-CERT