Vulnerability Development mailing list archives

Re: Possible DoS against inetd in Solaris


From: El Nahual <nahual () S0D SAL ITESM MX>
Date: Wed, 15 Nov 2000 15:36:36 -0900

Yes, I've been preparing an advisory on it, all Linux versions are
vulnerable, you can kill inetd over a 28.8 modem in less than 40 seconds
... you just need to connect and disconnect really fast .....

Advisory SHOULD be there at sss.s0d.org tomorrow tops. I've tested this
on xinetd over Solaris SPARC ... it's a no-no ...

El Nahual
www.s0d.org
nahual () s0d org

On Wed, 15 Nov 2000, Alla Bezroutchko wrote:

Hi,

I stumbled upon something that looks like a bug in inetd on Solaris. If
a Solaris box is portscanned by nmap with the -T Insane option (very quick
scan), daemons that are started by inetd stop responding. That is, you
can connect to them, connections get accepted, but they don't display any
banner or answer in any way. It stays that way until inetd is
restarted. Other daemons (not started by inetd) seem to be unaffected
by this.

The effect depends on the number of daemons enabled in the inetd configuration.
If only one daemon (ftp in my case) is enabled, nothing happens at all.
Inetd with two daemons does hang but not always. Five daemons enabled
make it hang every time.

I tested this over a 10Mbps LAN against Solaris 7 and 8 on Sparc and
Solaris 7 on Intel.  All three are affected.

Don't know if it works over slower connections. It is also interesting
if it only affects inetd, or any daemon that listens on multiple
ports. Could someone test this?

--
Alla Bezroutchko
Scanit Team
http://www.scanit.be/
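
A monitoring check for the symptom reported in this thread (connections are accepted but no banner is ever sent), as an added example that is not part of the original messages. It assumes the monitored services send a banner first, like the ftp daemon mentioned above; the function names are hypothetical and the local listeners are constructed stand-ins so the code runs offline.

```python
import socket
import threading

def probe_banner(host, port, timeout=2.0):
    """Return 'ok', 'silent', 'closed', 'refused' or 'unreachable'."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "refused"        # nothing listening: inetd gone or service disabled
    except OSError:
        return "unreachable"    # connect timeout, no route, etc.
    with sock:
        sock.settimeout(timeout)
        try:
            data = sock.recv(256)
        except socket.timeout:
            return "silent"     # handshake completed, no banner: the reported hang
        except OSError:
            return "closed"     # reset while waiting for the banner
        return "ok" if data else "closed"

def hung_services(host, ports, timeout=2.0):
    """Ports whose connections are accepted but never answered."""
    return [p for p in ports if probe_banner(host, p, timeout) == "silent"]

# --- constructed local stand-ins (not real inetd services) ---
def start_silent_listener():
    """Listening socket that is never accept()ed: mimics the hung state."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    return srv

def start_banner_listener(banner=b"220 constructed FTP banner\r\n"):
    """Listener that greets every client, like a healthy inetd-spawned daemon."""
    srv = start_silent_listener()
    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return          # listening socket was closed
            with conn:
                conn.sendall(banner)
    threading.Thread(target=serve, daemon=True).start()
    return srv

if __name__ == "__main__":
    hung, healthy = start_silent_listener(), start_banner_listener()
    ports = [hung.getsockname()[1], healthy.getsockname()[1]]
    print({p: probe_banner("127.0.0.1", p, 1.0) for p in ports})
```

A result of "silent" on several inetd-managed ports at once, while standalone daemons still answer, matches the behaviour described in the report.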


