Specifications
SAFER – Vol. 3, Issue 6 44 © 2000 The Relay Group
XFree86 Xserver Denial of Service Vulnerability
Released May 18, 2000
Affects XFree86 X11R6 4.0, 3.3.6, 3.3.5
Reference http://www.securityfocus.com/bid/1235
Problem
- A remote user can send a malformed packet to the TCP listening port, 6000, which will cause the
X server to be unresponsive for some period of time. During this time, the keyboard will not
respond to user input, and in some cases, the mouse will also not respond.
- During this time period, the X server will utilize 100% of the CPU, and it can only be recovered
by sending it a signal. This vulnerability exists only in servers compiled with the XCSECURITY
#define set. This can be verified by running the following:
    strings /path/to/XF86_SVGA | grep "XC-QUERY-SECURITY-1"
SAFER
- Run the X server with the option "-nolisten tcp" set. This option causes the X server to not listen
for TCP connections from any client. To use this option, simply add it to the serverargs variable in
the /usr/X11/bin/startx script.
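An added example (not part of the SAFER bulletin): a shell script that combines the bulletin's build check and its startx mitigation into one audit result per host. The function names, result labels and fixture files are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example (not from the bulletin): classify one host for the XFree86
# port-6000 DoS using the two facts the bulletin gives.
MARKER='XC-QUERY-SECURITY-1'   # string the bulletin greps for

# 0 if the server binary was built with XCSECURITY. Same idea as
# `strings BINARY | grep MARKER`, without depending on strings(1).
has_xcsecurity() {
    LC_ALL=C tr -c '[:print:]' '\n' < "$1" | grep -q -F -- "$MARKER"
}

# 0 if an uncommented serverargs= line in startx passes "-nolisten tcp".
startx_nolisten() {
    grep -E '^[[:space:]]*serverargs=' "$1" |
        grep -q -E -- '-nolisten[[:space:]]+tcp'
}

# Prints one of: no-xcsecurity | mitigated | exposed
audit_xserver() {
    if ! has_xcsecurity "$1"; then
        echo no-xcsecurity
    elif startx_nolisten "$2"; then
        echo mitigated
    else
        echo exposed
    fi
}

# Constructed fixtures (hypothetical files, not real binaries or scripts).
make_fixtures() {
    d=$1
    printf '\177ELF\001\002\000junk\000XC-QUERY-SECURITY-1\000more\000' > "$d/X_sec"
    printf '\177ELF\001\002\000junk\000MIT-MAGIC-COOKIE-1\000' > "$d/X_plain"
    printf 'serverargs=""\n# serverargs="-nolisten tcp"\n' > "$d/startx_default"
    printf 'serverargs="-nolisten tcp"\n' > "$d/startx_hardened"
}

# Real use: sh audit.sh /path/to/XF86_SVGA /usr/X11/bin/startx
if [ "$#" -eq 2 ]; then
    audit_xserver "$1" "$2"
fi
```

The script inspects only the startx script named above, so an X server launched another way is not covered by its result.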
BeOS TCP Fragmentation Remote DoS Vulnerability
Released May 18, 2000
Affects BeOS 5.0
Reference http://www.securityfocus.com/bid/1222
Problem
- BeOS is vulnerable to a remote TCP fragmentation attack that will crash the target system,
requiring a reboot.
SAFER
- A new version of BeOS should have the whole TCP/IP stack rewritten. Until then, users will have to
remain vulnerable, since Be did not provide any patches for this problem.
Cayman 3220-H DSL Router DoS Vulnerability
Released May 17, 2000
Affects Cayman 3220-H DSL Router 1.0, Cayman GatorSurf 5.5 Build R0, 5.3 build R1, R2
Reference http://www.securityfocus.com/bid/1219
Problem
- Large usernames or passwords sent to the router's HTTP interface restart the router. The router log
will show "restart not in response to admin command".
SAFER
- Upgrading to GatorSurf software version 5.5.0 Build R1 will solve this issue.
CProxy 3.3 SP2 Buffer Overflow DoS Vulnerability
Released May 16, 2000
Affects CProxy Server 3.3SP2
Reference http://www.securityfocus.com/bid/1213
Problem
- A buffer overflow DoS vulnerability exists in CProxy Server 3.3 Service Pack 2.
SAFER
- A new version has been made available. Upgrade.