______________________________________________________________________________

                Caldera Systems, Inc.  Security Advisory

Subject:                IDENT daemon denial of service
Advisory number:        CSSA-1999:029.0
Issue date:             1999 October, 8
Last change:            1999 October, 13
Cross reference:
______________________________________________________________________________


1. Problem Description

   As part of the default installation, a server for the IDENT
   protocol is installed. This service is used, for example, by
   several FTP and mail servers to find out the name of the user
   establishing a connection.

   Due to a bug, the ident daemon will create several new threads
   for every incoming request. This can be abused to mount a denial
   of service attack on your machine.

2. Vulnerable Versions

   Systems : COL 2.3
   Packages: pidentd-3.0.4-1

3. Solutions

   Workaround: Disable the ident service using

        lisa --inetd disable auth 0

   The proper solution is to upgrade to the latest packages

        pidentd-3.0.7-2.i386.rpm

4. Location of Fixed Packages

   The upgrade packages can be found on Caldera's FTP site at:

   ftp://ftp.calderasystems.com/pub/OpenLinux/updates/2.3/current/RPMS/

   The corresponding source code package can be found at:

   ftp://ftp.calderaystems.com/pub/OpenLinux/updates/2.3/current/SRPMS/

5. Installing Fixed Packages

   Upgrade the affected packages with the following commands:

        rpm -U pidentd-3.0.7-2.i386.rpm

6. Verification

   a6ded36bafce389098a9b393d8b2a95f  RPMS/pidentd-3.0.7-2.i386.rpm
   23fa372638f3929e54e6cbd18d37ea55  SRPMS/pidentd-3.0.7-2.src.rpm

7. References

   This and other Caldera security resources are located at:

   http://www.calderasystems.com/news/security/index.html

   This security fix closes Caldera's internal Problem Report 5142

8. Disclaimer

   Caldera Systems, Inc. is not responsible for the misuse of any of
   the information we provide on this website and/or through our
   security advisories. Our advisories are a service to our customers
   intended to promote secure installation and use of Caldera OpenLinux.
______________________________________________________________________________