CERTA-2003-AVI-157

Vulnerability from certfr_avis - Published: - Updated:

Il est possible de provoquer l'arrêt inopiné du démon DCE dced.

Description

DCE (Distributed Computing Environment) est un ensemble de services et d'outils qui permettent la création et le déploiement d'applications distribuées.

Une vulnérabilité de DCE permet à un utilisateur mal intentionné d'arrêter inopinément le service DCE.

Il est possible que les scans sur le service RPC de Microsoft provoquent l'arrêt du service.

Solution

Appliquer le correctif de votre éditeur.

DCE version 1.2.2c.

Les versions antérieures de DCE sont potentiellement vulnérables, mais ne sont plus maintenues.

Impacted products
Vendor Product Description
References

Show details on source website
To clipboard 

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eDCE version 1.2.2c.\u003c/P\u003e  \u003cP\u003eLes versions ant\u00e9rieures de DCE sont potentiellement  vuln\u00e9rables, mais ne sont plus maintenues.\u003c/P\u003e",
  "content": "## Description\n\nDCE (Distributed Computing Environment) est un ensemble de services et\nd\u0027outils qui permettent la cr\u00e9ation et le d\u00e9ploiement d\u0027applications\ndistribu\u00e9es.  \n\nUne vuln\u00e9rabilit\u00e9 de DCE permet \u00e0 un utilisateur mal intentionn\u00e9\nd\u0027arr\u00eater inopin\u00e9ment le service DCE.  \n\nIl est possible que les scans sur le service RPC de Microsoft provoquent\nl\u0027arr\u00eat du service.\n\n## Solution\n\nAppliquer le correctif de votre \u00e9diteur.\n",
  "cves": [],
  "links": [
    {
      "title": "Avis de s\u00e9curit\u00e9 20030902-01-P de SGI :",
      "url": "http://www.sgi.com/support/security/advisories.html"
    }
  ],
  "reference": "CERTA-2003-AVI-157",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2003-10-03T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service"
    }
  ],
  "summary": "Il est possible de provoquer l\u0027arr\u00eat inopin\u00e9 du d\u00e9mon DCE \u003cspan\nclass=\"textit\"\u003edced\u003c/span\u003e.\n",
  "title": "Vuln\u00e9rabilit\u00e9 de DCE",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Avis de s\u00e9curit\u00e9 SGI 20030902-01-P",
      "url": null
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.