CVE-2003-0746

Vulnerability

Distributed Computing Environment (DCE) implementations, including HP OpenView, are vulnerable to a denial-of-service condition via certain malformed inputs. This vulnerability can be triggered by attempted exploits against the related vulnerabilities CVE-2003-0352 or CVE-2003-0605, such as those used by the Blaster/MSblast/LovSAN worm. [2]

Exploitation

A remote attacker can send specially crafted malformed inputs to a DCE service, causing it to hang or terminate. The attacker does not require authentication, as these inputs can be delivered over the network. The vulnerability may be triggered by exploit code targeting other DCE vulnerabilities. [2]

Impact

Successful exploitation results in a denial of service, where the DCE service either hangs or terminates, preventing legitimate DCE clients from communicating with the DCE server. This can disrupt distributed computing applications relying on DCE. [2]

Mitigation

As of the publication of this CVE (2003-10-20), no fix or workaround is disclosed in the available references. [2] The vendor, HP, may have provided patches for OpenView; however, specific patch information is not referenced.