=====================================================================
                                  CERT-Renater

                       Note d'Information No. 2005/VULN031
_____________________________________________________________________

DATE                      : 13/01/2005

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : UnixWare 7.1.4, UnixWare 7.1.3, UnixWare 7.1.1.

======================================================================


______________________________________________________________________________

       SCO Security Advisory

Subject: UnixWare 7.1.4 UnixWare 7.1.3 UnixWare 7.1.1 : mountd remote denial of service
Advisory number: SCOSA-2005.1
Issue date: 2005 January 11
Cross reference: sr892156 fz530479 erg712731 CAN-2004-1039
______________________________________________________________________________


1. Problem Description

mountd is not enabled by default. But when the NFS mountd service
is run by inetd, if a NFS mount related request is received
from the remote (or local) host, inetd will repeatedly
create the mountd process and as a result increasingly
consume memory.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CAN-2004-1039 to this issue.


2. Vulnerable Supported Versions

System Binaries
----------------------------------------------------------------------
UnixWare 7.1.4 /usr/lib/nfs/tmp/mountd
UnixWare 7.1.3 /usr/lib/nfs/tmp/mountd
UnixWare 7.1.1 /usr/lib/nfs/mountd

3. Solution

The proper solution is to install the latest packages.

4. UnixWare 7.1.4 / UnixWare 7.1.3

4.1 Location of Fixed Binaries

ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.1

4.2 Verification

MD5 (erg712731.pkg.Z) = 69067669ac277725e8665ac02f955607

md5 is available for download from
ftp://ftp.sco.com/pub/security/tools

4.3 Installing Fixed Binaries

Upgrade the affected binaries with the following sequence:

Download erg712731.pkg.Z to the /var/spool/pkg directory

# uncompress /var/spool/pkg/erg712731.pkg.Z
# pkgadd -d /var/spool/pkg/erg712731.pkg


5. UnixWare 7.1.1

5.1 Location of Fixed Binaries

ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.1


5.2 Verification

MD5 (erg712731.711.pkg.Z) = 4f7e3bba1e5381e28bef0894dc1d9ec1

md5 is available for download from
ftp://ftp.sco.com/pub/security/tools


5.3 Installing Fixed Binaries

Upgrade the affected binaries with the following sequence:

Download erg712731.711.pkg.Z to the /var/spool/pkg directory

# uncompress /var/spool/pkg/erg712731.711.pkg.Z
# pkgadd -d /var/spool/pkg/erg712731.711.pkg


6. References

Specific references for this advisory:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1039
http://www.nilesoft.co.kr/

SCO security resources:
http://www.sco.com/support/security/index.html

SCO security advisories via email
http://www.sco.com/support/forums/security.html

This security fix closes SCO incidents sr892156 fz530479
erg712731.


7. Disclaimer

SCO is not responsible for the misuse of any of the information
we provide on this website and/or through our security
advisories. Our advisories are a service to our customers
intended to promote secure installation and use of SCO
products.


8. Acknowledgments

SCO would like to thank Yun Jonglim a security researcher
of NileSOFT, Ltd (www.nilesoft.co.kr) for reporting this
issue.

______________________________________________________________________________


======================================================================

         =========================================================
         Les serveurs de référence du CERT-Renater
         http://www.urec.fr/securite
         http://www.cru.fr/securite
         http://www.renater.fr
         =========================================================
         + CERT-RENATER          | tel : 01-53-94-20-44          +
         + 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
         + 75013 Paris           | email: certsvp@renater.fr     +
         =========================================================