exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New


Posted Sep 23, 1999


SHA-256 | 008aa4723cd0e6f00fb552af0dce994dfd8848b99c27b1a2162d7e3996c3f62d


Change Mirror Download

Subject: Caldera Security Advisory SA-1997.33: Vulnerabilities in inetd

Original report date: 21-Jun-1997 ("ping pong" vulnerability)
Original report date: 26-Aug-1997 (inetd denial of service vulnerability)
RPM build date: 03-Nov-1997
Advisory issue date: 18-Dec-1997

Topic: Vulnerabilities in "inetd" in netkit-base-0.10-1

I. Problem Description

NOTE: Two different vulnerabilities are addressed in this advisory
and corresponding update to the "inetd" daemon included in the
netkit-base RPM.

First issue: Sending a UDP datagram to the echo service with
fake IP sender address and a source port of, for example,
"echo" would cause the two hosts to ping-pong echo packets hence
and forth. Doing this repeatedly would create a packet storm.
Other builtin UDP services may be similarly vulnerable.

This can be fixed by making inetd ignore all UDP with source
port less than 512.

Second issue: When inetd receives more than 40 connects per
minute to any given service, it would shut down that service
for 10 minutes. Inetd logs this condition to syslogd saying
`Service xxx looping, terminated'.

There's no easy fix for that (the experts are still working on
that). If you experience this problem, you are either under
attack, or (more likely) you are experiencing a load peak
from legitimate usage. In the latter case, you can bump the
max number of requests serviced per minute by modifying the
inetd.conf description of the offending service:

ftp stream tcp nowait.100 root /usr/sbin/tcpd in.ftpd -l
^^^^ .max parameter

This increases the threshold to 100 requests per minute.

In case of an outside attack, you should make sure to firewall
all services that are not to be used from outside.

Another problem that was discovered in this context was that inetd
wouldn't serve more that one request per second on average. This
release also fixes this bug.

II. Impact

Any machine with netkit-base-0.10-1 or earlier versions
of NetKit-B may be vulnerable. Run 'rpm -q netkit-base'
to determine which version you have installed.

III. Solution

Replace netkit-base-0.10-1 with the netkit-base-0.10-2. The
source and binary RPMs can be found on Caldera's ftp site at:




The MD5 checksum (from the "md5sum" command) for this package is:

453f0e790cccb9af8c18ed9bccf9f4e0 RPMS/netkit-base-0.10-2.i386.rpm
3ee21bbe8d17d57cb4eb638bd12c4b38 SRPMS/netkit-base-0.10-2.src.rpm

Install the new package by executing:

rpm -U netkit-base-0.10-2.i386.rpm

You will then need to restart inetd. Do this by executing:

/etc/rc.d/init.d/inet stop

followed by:

/etc/rc.d/init.d/inet start

Note: this upgrade should be done from the console when no one
else is logged in on the system.

If you are still using a NetKit-B package, you should first
upgrade to the netkit-*-0.10* packages. See Caldera's security

"SA-1997.19 - September 22, 1997 Vulnerabilities in NetKit-B"

for information concerning this issue.

IV. References / Credits

From: "D. Richard Hipp" <drh@tobit.hwaci.vnet.net>
To: support@caldera.com
Date: Tue, 26 Aug 1997 14:51:54 -0400
Subject: Denial-of-service attack against INETD.
Message-Id: <199708261851.OAA04649@tobit.hwaci.vnet.net>

Some inetd fixes: Olaf Kirch <okir@caldera.de>

From: Willy TARREAU <tarreau@AEMIAIF.IBP.FR>
Date: Sat, 21 Jun 1997 23:58:16 +0200
Subject: Simple TCP service can hang a system
Message-ID: <199706212158.XAA01904@aemiaif.ibp.fr>

This and other Caldera security resources are located at:


This security alert closes Caldera's internal problem reports #936
and #978.

V. PGP Signature

This message was signed with the PGP key for <security@caldera.com>.

This key can be obtained from:

Or on an OpenLinux CDROM under:

$Id: SA-1997.32,v 1.2 1997/12/18 22:49:42 ron Exp $

Version: 2.6.2

Login or Register to add favorites

File Archive:

September 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    2 Files
  • 2
    Sep 2nd
    21 Files
  • 3
    Sep 3rd
    0 Files
  • 4
    Sep 4th
    17 Files
  • 5
    Sep 5th
    34 Files
  • 6
    Sep 6th
    29 Files
  • 7
    Sep 7th
    11 Files
  • 8
    Sep 8th
    25 Files
  • 9
    Sep 9th
    0 Files
  • 10
    Sep 10th
    0 Files
  • 11
    Sep 11th
    26 Files
  • 12
    Sep 12th
    23 Files
  • 13
    Sep 13th
    17 Files
  • 14
    Sep 14th
    22 Files
  • 15
    Sep 15th
    16 Files
  • 16
    Sep 16th
    0 Files
  • 17
    Sep 17th
    0 Files
  • 18
    Sep 18th
    19 Files
  • 19
    Sep 19th
    60 Files
  • 20
    Sep 20th
    23 Files
  • 21
    Sep 21st
    15 Files
  • 22
    Sep 22nd
    8 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    17 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2022 Packet Storm. All rights reserved.

Security Services
Hosting By