COMMAND

    Ultraseek

SYSTEMS AFFECTED

    Ultraseek 3.1.x

PROBLEM

    Following is based  on USSR Security  Advisory USSR-2000056.   The
    USSR Team has found problem with the Ultraseek Search engine.  The
    Ultraseek  Search  engine  is  vulnerable  to  a Denial of Service
    attack.

    Upon connecting  to the  search engine,  which by  default runs on
    port 8765, it is  possible to pass a  malformed URL to the  engine
    that will cause the process to stop responding to valid requests.

    Example:

        http://ServerIP:8765/index.html?&col=&ht=0&qs=&qc=&pw=100%25&ws=0&nh=10&lk=1 &rf=0&si=1&si=1&ql=../../../index

SOLUTION

    Patches:

        ftp://ftp.ultraseek.com/pub/InktomiSearch/4.0.0/InktomiSearch-solaris-4.0.0.tar.Z
        ftp://ftp.ultraseek.com/pub/InktomiSearch/4.0.0/InktomiSearch-solaris-4.0.0.tar.gz
        ftp://ftp.ultraseek.com/pub/InktomiSearch/4.0.0/InktomiSearch-solaris-4.0.0-language.tar.Z
        ftp://ftp.ultraseek.com/pub/InktomiSearch/4.0.0/InktomiSearch-solaris-4.0.0-language.tar.gz
        ftp://ftp.ultraseek.com/pub/InktomiSearch/4.0.0/InktomiSearch-solaris-4.0.0-cjk.tar.Z
        ftp://ftp.ultraseek.com/pub/InktomiSearch/4.0.0/InktomiSearch-solaris-4.0.0-cjk.tar.gz
        ftp://ftp.ultraseek.com/pub/InktomiSearch/4.0.0/InktomiSearch-solaris-4.0.0-postscript.tar.Z
        ftp://ftp.ultraseek.com/pub/InktomiSearch/4.0.0/InktomiSearch-solaris-4.0.0-postscript.tar.gz
        ftp://ftp.ultraseek.com/pub/InktomiSearch/4.0.0/InktomiSearch-solaris-4.0.0-z3950.tar.Z
        ftp://ftp.ultraseek.com/pub/InktomiSearch/4.0.0/InktomiSearch-solaris-4.0.0-z3950.tar.gz
        ftp://ftp.ultraseek.com/pub/InktomiSearch/4.0.0/InktomiSearch-solaris-4.0.0-ssl-export.tar.Z
        ftp://ftp.ultraseek.com/pub/InktomiSearch/4.0.0/InktomiSearch-solaris-4.0.0-ssl-export.tar.gz

        ftp://ftp.ultraseek.com/pub/InktomiSearch/4.0.0/InktomiSearch-winnt-4.0.0.exe
        ftp://ftp.ultraseek.com/pub/InktomiSearch/4.0.0/InktomiSearch-winnt-4.0.0-language.exe
        ftp://ftp.ultraseek.com/pub/InktomiSearch/4.0.0/InktomiSearch-winnt-4.0.0-cjk.exe
        ftp://ftp.ultraseek.com/pub/InktomiSearch/4.0.0/InktomiSearch-winnt-4.0.0-postscript.exe
        ftp://ftp.ultraseek.com/pub/InktomiSearch/4.0.0/InktomiSearch-winnt-4.0.0-ssl-export.exe

        ftp://ftp.ultraseek.com/pub/InktomiSearch/4.0.0/InktomiSearch-linux-4.0.0.i386.rpm
        ftp://ftp.ultraseek.com/pub/InktomiSearch/4.0.0/InktomiSearch-linux-4.0.0.tar.gz
        ftp://ftp.ultraseek.com/pub/InktomiSearch/4.0.0/InktomiSearch-linux-4.0.0-language.i386.rpm
        ftp://ftp.ultraseek.com/pub/InktomiSearch/4.0.0/InktomiSearch-linux-4.0.0-language.tar.gz
        ftp://ftp.ultraseek.com/pub/InktomiSearch/4.0.0/InktomiSearch-linux-4.0.0-cjk.i386.rpm
        ftp://ftp.ultraseek.com/pub/InktomiSearch/4.0.0/InktomiSearch-linux-4.0.0-cjk.tar.gz
        ftp://ftp.ultraseek.com/pub/InktomiSearch/4.0.0/InktomiSearch-linux-4.0.0-z3950.i386.rpm
        ftp://ftp.ultraseek.com/pub/InktomiSearch/4.0.0/InktomiSearch-linux-4.0.0-z3950.tar.gz

        ftp://ftp.ultraseek.com/pub/InktomiSearch/4.0.0/InktomiSearch-hpux-4.0.0.tar.gz
        ftp://ftp.ultraseek.com/pub/InktomiSearch/4.0.0/InktomiSearch-hpux-4.0.0-language.tar.gz
        ftp://ftp.ultraseek.com/pub/InktomiSearch/4.0.0/InktomiSearch-hpux-4.0.0-cjk.tar.gz
        ftp://ftp.ultraseek.com/pub/InktomiSearch/4.0.0/InktomiSearch-hpux-4.0.0-z3950.tar.gz