----------------------------------------------------------------------
Inferno Nettverk A/S Security Advisory

Package:           Dante
Advisory Id:       DNTE-20050128001
Date:              2005-01-28
Affected versions: All
----------------------------------------------------------------------

To customers of Inferno Nettverk A/S using Dante:

A problem has been discovered where it is possible, under certain
circumstances, to perform a DoS (denial of service) attack against the
Dante server, leading it to crash or become unable to provide service
to clients. The problem was recently made public by a source unrelated
to Inferno Nettverk.

This advisory affects:

   All versions of the Dante server.

This advisory does not affect:

   Customers running the Dante server on a system where the limit on
   the number of open files per process is less than or equal to the
   value FD_SETSIZE.

   This can be checked as follows. In the same shell which the Dante
   server is started from, perform the following steps:

   a) $ /bin/sh -c "ulimit -n"

      The above command will report a value, e.g. 1024.

   b) $ grep '#define .*FD_SETSIZE' /usr/include/*/*.h

      This might report several values, depending on what system it is
      run under. If any of the values reported in this step is _less_
      than the value reported in step a), you might be vulnerable.

Recommended steps:

   Inferno Nettverk recommends that users affected by this problem
   apply the following steps.

   In the shell the Dante server is started from, run the following
   commands:

   i)   /bin/sh
   ii)  ulimit -n "the lowest value found in step b) above"
   iii) kill the running server and start a new one.

   For the time being, always add step ii) (and step i) if necessary,
   depending on what shell you normally use) to your normal way of
   starting Dante. The next version of Dante (due out shortly) will do
   this automatically.

   We do not recommend any steps to be taken by users not affected by
   this problem.

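Added example (not part of the original advisory and not Inferno
Nettverk's code): a wrapper script that automates steps a), b) and ii)
above before starting the server. The function names are hypothetical,
and it assumes the headers give FD_SETSIZE as a plain decimal number and
that the server start command is passed as the script's arguments.

```shell
#!/bin/sh
# Added example, not from the advisory. All function names are hypothetical.

# Read header text on stdin and print the lowest decimal value assigned to
# any macro whose name ends in FD_SETSIZE (what step b looks for).
# Non-numeric lines such as "#define FD_SETSIZE __FD_SETSIZE" are skipped.
lowest_fd_setsize() {
    sed -n 's/^[[:space:]]*#[[:space:]]*define[[:space:]]\{1,\}[A-Za-z0-9_]*FD_SETSIZE[[:space:]]\{1,\}\([0-9]\{1,\}\).*/\1/p' |
        sort -n | head -n 1
}

# safe_nofile LIMIT SETSIZE: print the open-file limit to run with.
# The advisory treats limit <= FD_SETSIZE as unaffected, so anything larger
# (including "unlimited") is lowered to SETSIZE.
safe_nofile() {
    if [ "$1" = unlimited ] || [ "$1" -gt "$2" ]; then
        echo "$2"
    else
        echo "$1"
    fi
}

# start_clamped CMD [ARGS...]: apply step ii) and then start the server.
start_clamped() {
    cur=$(ulimit -n)                                               # step a)
    low=$(cat /usr/include/*/*.h 2>/dev/null | lowest_fd_setsize)  # step b)
    if [ -z "$low" ]; then
        echo "no numeric FD_SETSIZE definition found; not starting" >&2
        return 1
    fi
    new=$(safe_nofile "$cur" "$low")
    echo "open-file limit: $cur, lowest FD_SETSIZE: $low, using: $new" >&2
    ulimit -n "$new" || return 1                                   # step ii)
    exec "$@"                                   # start the new server process
}

# Assumption: the server start command is given as this script's arguments.
if [ "$#" -gt 0 ]; then
    start_clamped "$@"
fi
```

The running server still has to be stopped first, as in step iii); the
script only covers starting the new one with the lowered limit.
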
Presumed impact:

   We expect most non-BSD systems, including Linux, to be unaffected by
   this in their default configuration.

   The workaround for the problem, as described above, should for most
   of you also be reasonably straightforward. Please let us know if
   this is not so for any of you.

Technical details:

   More details can be found at the URL below:
   http://www.securityfocus.com/archive/1/388201/2005-01-18/2005-01-24/0

Should you have any questions about this problem, please contact your
Inferno Nettverk support contact in the usual way.

With kind regards,

--
Inferno Nettverk Support