• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Multiple Vendor OSF Distributed Computing Environment Denial Of Service Vulnerability

Solution:
HP has released advisory HPSBUX0308-273 to address this issue. HP has also released advisories for Tru64 and OpenVMS which instruct users to apply the appropriate Entegrity fixes for OpenVMS/Tru64 systems running DCE.

HP has released a revised advisory (HPSBUX0308-274) and fixes to address this issue in OpenView Software implementations of DCE. See referenced advisory for further details regarding obtaining and applying fixes.

HP has released an advisory (HPSBUX0309-276) to address this issue in HP-UX 11.11 systems. Customers who are affected by this issue are advised to apply appropriate patches. Further information regarding obtaining and applying patches is available in the referenced advisory.

HP has relased advisory SSRT3608 to address this issue in OpenVMS.

Cray Inc. has acknowledged that Unicos systems may be affected and is tracking this issue via Spr 726429. Users should contact the vendor for further details about the status of this issue.

Entegrity has released a DCE Security Patch that can be applied to all support versions of affected software. Further information can be obtained on the Entegrity DCE Security Patch support page.

IBM has released DCE fixes for various platforms. Additionally, APAR IY47052 has been opened for the 3.2 release of DCE for AIX and Solaris.

HP has released advisory HPSBUX0308-273 to address this issue. HP has also released advisories for Tru64 and OpenVMS which instruct users to apply the appropriate Entegrity fixes for OpenVMS/Tru64 systems running DCE.

SGI has released patches to address this issue. Patch 5313 has been released which addresses this issue in DCE 1.2.2c and DCE 1.2.2c Domestic version. However, the domestic version requires the installation of an additional patch (5314) which is not publicly available. Information on obtaining patch 5314 can be obtained through the vendor.

HP has released an advisory (SSRT4741 rev.0) to address this issue. Please see the referenced advisory for more information. Users are advised to contact the vendor to obtain fixes.


Open Group DCE 1.2.2 c

• SGI patch5313.tar
  ftp://patches.sgi.com/support/free/security/patches/

Open Group DCE 1.2.2 c - Domestic

• SGI patch5313.tar
  ftp://patches.sgi.com/support/free/security/patches/

HP HP-UX 10.20

• HP PHSS_19739
  http://itrc.hp.com

HP HP-UX 11.0

• HP PHSS_17810
  http://itrc.hp.com

HP HP-UX 11.11

• HP PHSS_29964
  http://itrc.hp.com

IBM DCE 2.2 for Windows

• IBM portscanner_fix_dce2.2_win_eco4.zip
  iFix for DCE 2.2 ECO4
  ftp://ftp.software.ibm.com/software/network/dce/support/ifixes/portsca nner_fix_dce2.2_win_eco4.zip


• IBM portscanner_fix_dce2.2_win_eco5.zip
  iFix for DCE 2.2 ECO5
  ftp://ftp.software.ibm.com/software/network/dce/support/ifixes/portsca nner_fix_dce2.2_win_eco5.zip

IBM DCE 3.1 for AIX

• IBM portscanner_fix_dce310_ptfset7.tar.Z
  iFix for DCE 3.1 PTF 7
  ftp://ftp.software.ibm.com/software/network/dce/support/ifixes/portsca nner_fix_dce310_ptfset7.tar.Z

IBM DCE 3.1 for Solaris

• IBM portscanner_fix_dce310_ptfset7.tar.Z
  iFix for DCE 3.1 PTF 7
  ftp://ftp.software.ibm.com/software/network/dce/support/ifixes/portsca nner_fix_dce310_ptfset7.tar.Z

IBM DCE 3.2 for Solaris

• IBM portscanner_fix_dce320_ptfset3.tar.Z
  iFix for DCE 3.2 PTF 3
  ftp://ftp.software.ibm.com/software/network/dce/support/ifixes/portsca nner_fix_dce320_ptfset3.tar.Z


• IBM portscanner_fix_dce320_ptfset4.tar.Z
  iFix for DCE 3.2 PTF 4
  ftp://ftp.software.ibm.com/software/network/dce/support/ifixes/portsca nner_fix_dce320_ptfset4.tar.Z

IBM DCE 3.2 for AIX

• IBM portscanner_fix_dce320_ptfset3.tar.Z
  iFix for DCE 3.2 PTF 3
  ftp://ftp.software.ibm.com/software/network/dce/support/ifixes/portsca nner_fix_dce320_ptfset3.tar.Z


• IBM portscanner_fix_dce320_ptfset4.tar.Z
  iFix for DCE 3.2 PTF 4
  ftp://ftp.software.ibm.com/software/network/dce/support/ifixes/portsca nner_fix_dce320_ptfset4.tar.Z

Compaq OpenVMS 6.2 -1H3 Alpha

• HP ALP_DCE_030_SSRT3608-V0100
  http://www.itrc.hp.com

Compaq OpenVMS 6.2 Alpha

• HP ALP_DCE_030_SSRT3608-V0100
  http://www.itrc.hp.com

Compaq OpenVMS 6.2 VAX

• HP VAX_DCE_030_SSRT3608-V0100
  http://www.itrc.hp.com

Compaq OpenVMS 6.2 -1H2 Alpha

• HP ALP_DCE_030_SSRT3608-V0100
  http://www.itrc.hp.com

Compaq OpenVMS 6.2 -1H1 Alpha

• HP ALP_DCE_030_SSRT3608-V0100
  http://www.itrc.hp.com

Compaq OpenVMS 7.1 VAX

• HP VAX_DCE_030_SSRT3608-V0100
  http://www.itrc.hp.com

Compaq OpenVMS 7.1 Alpha

• HP ALP_DCE_030_SSRT3608-V0100
  http://www.itrc.hp.com

Compaq OpenVMS 7.2 -2 Alpha

• HP ALP_DCE_030_SSRT3608-V0100
  http://www.itrc.hp.com


• HP DCOM_013_SSRT3608-V0100
  http://www.itrc.hp.com

Compaq OpenVMS 7.2 Alpha

• HP ALP_DCE_030_SSRT3608-V0100
  http://www.itrc.hp.com

Compaq OpenVMS 7.2 VAX

• HP VAX_DCE_030_SSRT3608-V0100
  http://www.itrc.hp.com

Compaq OpenVMS 7.2 -1H1 Alpha

• HP ALP_DCE_030_SSRT3608-V0100
  http://www.itrc.hp.com

Compaq OpenVMS 7.2 -1H2 Alpha

• HP ALP_DCE_030_SSRT3608-V0100
  http://www.itrc.hp.com

Compaq OpenVMS 7.3 Alpha

• HP ALP_DCE_030_SSRT3608-V0100
  http://www.itrc.hp.com


• HP DCOM_013_SSRT3608-V0100
  http://www.itrc.hp.com

Compaq OpenVMS 7.3 -1 Alpha

• HP ALP_DCE_030_SSRT3608-V0100
  http://www.itrc.hp.com


• HP DCOM_013_SSRT3608-V0100
  http://www.itrc.hp.com

Compaq OpenVMS 7.3 VAX

• HP VAX_DCE_030_SSRT3608-V0100
  http://www.itrc.hp.com