ClearCase DoS vulnerabilty

[marek.rouchal () infineon com]

Dear all,

please find attached a security vulnarability advisory
for immediate publishing.

Best regards,

Marek Rouchal, Infineon Technologies AG, Munich, Germany
Stefan Bagdohn, Guardeonic Solutions, Munich, Germany


Summary:

Advisory Name:        ClearCase remote DoS
Release Date:         11/22/02
Affected Product:     Rational (R) ClearCase (R)
Platform:             Solaris 2.5.1 and 8 for sure, other unknown
Version:              4.1 (patches 27, 28) and 2002.05 (patches 9,10)
                      sure, other unknown

Severity:             The ClearCase process listening on TCP port 371
                      can be crashed by performing a simple nmap scan

Attachment: guardadv-03-2002-clearcaseDoS.txt
Description: