______________________________________________________________________________
                Caldera Systems, Inc.  Security Advisory

Subject:                IDENT daemon denial of service
Advisory number:        CSSA-1999:029.0
Issue date:             1999 October, 8
Cross reference:
______________________________________________________________________________


1. Problem Description

   As part of the default installation, a server for the IDENT protocol
   is installed. This service is used, for example, by several FTP and
   mail servers to find out the name of the user establishing a
   connection.

   Due to a bug, the ident daemon will create several new threads for
   every incoming request. This can be abused to mount a denial of
   service attack on your machine.

2. Vulnerable Versions

   Systems : COL 2.3
   Packages: pidentd-3.0.4-1

3. Solutions

   Workaround:

   Disable the ident service using

        lisa --inetd disable auth 0

   The proper solution is to upgrade to the latest packages

        pidentd-3.0.7-1.i386.rpm

4. Location of Fixed Packages

   The upgrade packages can be found on Caldera's FTP site at:

   ftp://ftp.calderasystems.com/pub/OpenLinux/updates/2.3/current/RPMS/

   The corresponding source code package can be found at:

   ftp://ftp.calderaystems.com/pub/OpenLinux/updates/2.3/current/SRPMS/

5. Installing Fixed Packages

   Upgrade the affected packages with the following commands:

        rpm -U pidentd-3.0.7-1.i386.rpm

6. Verification

   0afba62b880318b01de8732efd59a774  RPMS/pidentd-3.0.7-1.i386.rpm
   0c833a0408631dd5b81206ed5656d4e4  SRPMS/pidentd-3.0.7-1.src.rpm

7. References

   This and other Caldera security resources are located at:

   http://www.calderasystems.com/news/security/index.html

   This security fix closes Caldera's internal Problem Report 5142

8. Disclaimer

   Caldera Systems, Inc. is not responsible for the misuse of any of the
   information we provide on this website and/or through our security
   advisories. Our advisories are a service to our customers intended to
   promote secure installation and use of Caldera OpenLinux.
______________________________________________________________________________