Bugtraq mailing list archives

Re: BSDI inetd crash

From: assembly () MIS03 MINDINFO COM (FrontLine Assembly)
Date: Wed, 8 Apr 1998 15:17:16 -0700


On Tue, 7 Apr 1998, Mark Schaefer wrote:


This is a serious bug in BSDI 3.1 servers.  One of my coworkers was
playing with the nmap utility which was mentioned here the other day, and
he managed to crash inetd on our servers.  We quickly duplicated the
attack against a Linux box running RedHat 4.2, and it did not happen.  I
tried again, myself, on a non-critical BSDI 3.1 server.  It happened
again.


This not only affects BSDi BSD/OS 3.1 but 3.0, 2.1, & 2.0. It also crashes
when the Win 95/NT program portscan.exe (made by 7thsphere) is run against
the host.

.-----------------------------------------------------------------.
| FrontLine Assembly |  " You Are Only Alive Because Someone Has  |
|                    |___.  Decided To Let You Live " - KMFDM     |
| assembly () leviathan org | URL: http://www.leviathan.org/         |
|                        |----------------------------------------'
`------------------------'

Type Bits/KeyID    Date       User ID
pub  2048/19490121 1997/07/14 FrontLine Assembly

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.3i
Comment: Requires PGP version 2.6 or later.

mQENAzPJ0MgAAAEIAMn9IayyCXcDulFBfQtx64JBgJwbcvCcdX4FoBsdryl47bWq
gx2A9c7Xe1hlhE2f3z/29M/miDxmuZndqFTnQDXd5yRmFoD9KF/Dfyw2o4EiPPPg
kF13xPujz1mIOxlijrRkLjIx/kfHHakYVDCWL4hEfSFqsSsH6aibDf0jFAm28X8j
1PwbgwuwBvvbW6VRtgcoMt4lr9FbBoYiN3P4IHSGjgAA6llAG/0dxtfMV4mqxzw0
mW5GOTrti5Izehd9AOOHRxWxPdyBn6vI5lrm4E1FvaEzv9gKXKEt3ebGev79GY/s
Kd4zivxJRqYWUCO/AMaeYf3csURITWiW3RlJASEABRG0EkZyb250TGluZSBBc3Nl
bWJseYkBFQMFEDPJ0MlNaJbdGUkBIQEB3QAH/i1zVnYe/Y041VMQwvYzVTmRk57d
2YFqUbIR9oZKlPgq88iZ0p0gaJ22m2Ywx75xCKIlm5fslB86Sm5Xry2O/Q/RK0IG
LaUVHJ7F4xRrgoOQcmIpwLMU2F8C3JkzUcdVNvAVCPpJiFaDGZzFgKJMX/YxjvQF
OnENcH9wOvzvMHnFak38Q31DvmEG/rL4RqNWVnD+2iNV4SnvevNI/q41Rsfil/9x
gezekBWnAcevX4Torefs/bFxwqlxjQ9jD/ZeU8pIRAXTMD7dHxHTFK09zs8vvibU
1mqpMZR/Mu11m8/cFRkl7fclByVY1hdaNRtxMYs6JPd1i8QDrKCA82UP18U=
=MVqB
-----END PGP PUBLIC KEY BLOCK-----

Current thread:

BSD coredumps follow symlinks Denis Papp (Mar 28)
- nmap -U <host> undetectable by netranger v2.0 Codex (Apr 01)
- portmap 4.0-8 DoS Michal Zalewski (Apr 01)
  - Re: portmap 4.0-8 DoS Peter van Dijk (Apr 07)
  - BSDI inetd crash Mark Schaefer (Apr 07)
    - Re: BSDI inetd crash FrontLine Assembly (Apr 08)
    - SGI O2 ipx security issue Fabrice Planchon (Apr 08)
    - BIND vulnerability test program.. Joshua J. Drake (Apr 09)
    - (Q) Sun Rpcbind problem. Chiaki Ishikawa (Apr 10)
    - Re: (Q) Sun Rpcbind problem. Casper Dik (Apr 10)
    - Wietse's RPCBIND Wietse Venema (Apr 10)
    - announce: weaken for netscape !! (fwd) Ken Williams (Apr 10)
    - Communicator exploits Fernand Portela (Apr 10)
    - Sun rpcbind Nicolas Dubee (Apr 10)
    - Re: Sun rpcbind Aaron Bornstein (Apr 10)
  - QW vulnerability Glenn F. Maynard (Apr 07)

(Thread continues...)