what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

SA-1997.33.txt

SA-1997.33.txt
Posted Sep 23, 1999

SA-1997.33.txt

SHA-256 | 008aa4723cd0e6f00fb552af0dce994dfd8848b99c27b1a2162d7e3996c3f62d

SA-1997.33.txt

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----

Subject: Caldera Security Advisory SA-1997.33: Vulnerabilities in inetd

Original report date: 21-Jun-1997 ("ping pong" vulnerability)
Original report date: 26-Aug-1997 (inetd denial of service vulnerability)
RPM build date: 03-Nov-1997
Advisory issue date: 18-Dec-1997

Topic: Vulnerabilities in "inetd" in netkit-base-0.10-1


I. Problem Description

NOTE: Two different vulnerabilities are addressed in this advisory
and corresponding update to the "inetd" daemon included in the
netkit-base RPM.

First issue: Sending a UDP datagram to the echo service with
fake IP sender address and a source port of, for example,
"echo" would cause the two hosts to ping-pong echo packets hence
and forth. Doing this repeatedly would create a packet storm.
Other builtin UDP services may be similarly vulnerable.

This can be fixed by making inetd ignore all UDP with source
port less than 512.

Second issue: When inetd receives more than 40 connects per
minute to any given service, it would shut down that service
for 10 minutes. Inetd logs this condition to syslogd saying
`Service xxx looping, terminated'.

There's no easy fix for that (the experts are still working on
that). If you experience this problem, you are either under
attack, or (more likely) you are experiencing a load peak
from legitimate usage. In the latter case, you can bump the
max number of requests serviced per minute by modifying the
inetd.conf description of the offending service:

ftp stream tcp nowait.100 root /usr/sbin/tcpd in.ftpd -l
^^^^ .max parameter

This increases the threshold to 100 requests per minute.

In case of an outside attack, you should make sure to firewall
all services that are not to be used from outside.

Another problem that was discovered in this context was that inetd
wouldn't serve more that one request per second on average. This
release also fixes this bug.


II. Impact

Any machine with netkit-base-0.10-1 or earlier versions
of NetKit-B may be vulnerable. Run 'rpm -q netkit-base'
to determine which version you have installed.


III. Solution

Replace netkit-base-0.10-1 with the netkit-base-0.10-2. The
source and binary RPMs can be found on Caldera's ftp site at:

ftp://ftp.caldera.com/pub/openlinux/updates/1.1/current/RPMS/

and

ftp://ftp.caldera.com/pub/openlinux/updates/1.1/current/SRPMS/

The MD5 checksum (from the "md5sum" command) for this package is:

453f0e790cccb9af8c18ed9bccf9f4e0 RPMS/netkit-base-0.10-2.i386.rpm
3ee21bbe8d17d57cb4eb638bd12c4b38 SRPMS/netkit-base-0.10-2.src.rpm

Install the new package by executing:

rpm -U netkit-base-0.10-2.i386.rpm

You will then need to restart inetd. Do this by executing:

/etc/rc.d/init.d/inet stop

followed by:

/etc/rc.d/init.d/inet start

Note: this upgrade should be done from the console when no one
else is logged in on the system.

If you are still using a NetKit-B package, you should first
upgrade to the netkit-*-0.10* packages. See Caldera's security
advisory:

"SA-1997.19 - September 22, 1997 Vulnerabilities in NetKit-B"

for information concerning this issue.


IV. References / Credits

From: "D. Richard Hipp" <drh@tobit.hwaci.vnet.net>
To: support@caldera.com
Date: Tue, 26 Aug 1997 14:51:54 -0400
Subject: Denial-of-service attack against INETD.
Message-Id: <199708261851.OAA04649@tobit.hwaci.vnet.net>

Some inetd fixes: Olaf Kirch <okir@caldera.de>

From: Willy TARREAU <tarreau@AEMIAIF.IBP.FR>
To: BUGTRAQ@NETSPACE.ORG
Date: Sat, 21 Jun 1997 23:58:16 +0200
Subject: Simple TCP service can hang a system
Message-ID: <199706212158.XAA01904@aemiaif.ibp.fr>

This and other Caldera security resources are located at:

http://www.caldera.com/tech-ref/security/

This security alert closes Caldera's internal problem reports #936
and #978.


V. PGP Signature

This message was signed with the PGP key for <security@caldera.com>.

This key can be obtained from:
ftp://ftp.caldera.com/pub/pgp-keys/

Or on an OpenLinux CDROM under:
/OpenLinux/pgp-keys/

$Id: SA-1997.32,v 1.2 1997/12/18 22:49:42 ron Exp $

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBNJmzbun+9R4958LpAQFM6gQAqnzeT9N3Ht4CQ9OL90M7azxcv6crIHtp
I9j511vhYJSEb73Tjvt7RzFkmCoQmaCC9nGeiu3uGEePTVJ4fq6cBRLDmDVwGeoV
W8NhzTs6UzicnXEh/BcMCDG57/IPnIBsnr0oickkhx2yoFVzf9ehAkMuBImCObNJ
6YY/Yk1jQsg=
=yWzI
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close