{"vuid":"VU#377804","idnumber":"377804","name":"Multiple Open Software Foundation Distributed Computing Environment (DCE) implementations vulnerable to DoS","keywords":["Open Software Foundation","OSF","Distributed Computing Environment","DCE products","DoS","denial of service"],"overview":"A denial-of-service vulnerability exists in multiple vendor implementations of the Distributed Computing Environment. This vulnerability may allow a remote attacker to cause the service to fail. Note that this vulnerability may be triggered by attackers attempting to exploit VU#568148 and VU#326746.","clean_desc":"The Open Group describes the Distributed Computing Environment (DCE) as an \"industry-standard, vendor-neutral set of distributed computing technologies.\" They go on to describe DCE as follows: DCE provides a complete Distributed Computing Environment infrastructure. It provides security services to protect and control access to data, name services that make it easy to find distributed resources, and a highly scalable model for organizing widely scattered users, services, and data. DCE runs on all major computing platforms and is designed to support distributed applications in heterogeneous hardware and software environments. A vulnerability has been discovered in DCE which may allow a remote attacker to cause the DCE service to either hang or terminate, which will effectively make it impossible for DCE clients to communicate with the DCE server.","impact":"A remote attacker may be able to cause the DCE service to either hang or terminate, which will effectively make it impossible for DCE clients to communicate with the DCE server.","resolution":"Apply a patch.","workarounds":"","sysaffected":"","thanks":"","author":"This document was written by Ian A Finlay.","public":["http://www.opengroup.org/dce/","http://www.secunia.com/advisories/9482/"],"cveids":[""],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2003-08-01T15:20:05Z","publicdate":"2003-08-07T00:00:00Z","datefirstpublished":"2003-08-08T13:18:16Z","dateupdated":"2003-08-18T14:12:21Z","revision":18,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"15","cam_exploitation":"13","cam_internetinfrastructure":"17","cam_population":"15","cam_impact":"8","cam_easeofexploitation":"15","cam_attackeraccessrequired":"15","cam_scorecurrent":"22.78125","cam_scorecurrentwidelyknown":"25.3125","cam_scorecurrentwidelyknownexploited":"28.85625","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":22.78125,"vulnote":null}