Vulnerability Development mailing list archives
Re: Possible DoS against inetd in Solaris
From: Massimo Fubini <M.Fubini () ieee org>
Date: Sun, 19 Nov 2000 14:05:57 +0100
I think this old e-mails from the nmap-hackers mailing list can be of interest: AB> Date: Mon, 25 Sep 2000 10:25:33 -0600 (MDT) AB> From: "Alek O. Komarnitsky (N-CSC)" <alek () ast lmco com> AB> Subject: Sun finally releases patch for nmap inetd denial of service issue AB> To: nmap-hackers () insecure org AB> AB> There was some Email discussion a while ago about running nmap AB> can cause problems for inetd. Specifically, I've was able to AB> reliabily cause a small percentage (5-10%) of "scanned" machines AB> to "hang" inetd ... so that subsequent connections were hung. AB> I'm just basically doing a single TCP port scan at something that is AB> handled by inetd (rather than a standalone process). You can usually AB> "unfreeze" it by doing a 'echo "" | telnet HOSTNAME PORTNUMBER' AB> AB> AB> There was a patch for HPUX (PHNE_16832) that fixed this problem there. AB> AB> AB> On Sun Solaris, there was an issue with inetd actually DYING, but that AB> was fixed some time ago ... but the "hanging" inetd continues. AB> AB> Good News: Sun recently released Patch 109104-04 ... which based on AB> my testing of 50+ machines, *DOES* fix the problem. I.e. I can nmap AB> these puppies to death and inetd doesn't blink an eye - the README says: AB> 4337605 inetd Denial of Service Attack - accept() hangs after successful select() AB> AB> AB> Bad News: This patch is for Solaris 2.7 ONLY ... I've had some AB> discussions with Sun and "suggested" they release 2.6 & 2.8 versions; AB> since I can reliably "hang up" inetd 5-10% of the time on those. AB> I've got about 500 of these machines (all recently patched), AB> so a semi-decent testbed to use! ;-) AB> AB> AB> I'll let folks know what I hear about 2.6 & 2.8 patch availability. AB> alek AB> AB> P.S. Pls note that this is NOT nmap's "fault" ... but rather buggy inetd; AB> which should be more robust. -------------------------------------------------------------------------------- And than this second one from the same mailing list: AB> From: "Alek O. Komarnitsky (N-CSC)" <alek () ast lmco com> AB> Subject: Re: Sun finally releases patch for nmap inetd denial of service issue
From: lamont () icopyright com Subject: Re: Sun finally releases patch for nmap inetd denial of service issue To: "Alek O. Komarnitsky (N-CSC)" <alek () ast lmco com> Cc: nmap-hackers () insecure org The one-line description of the problem "accept() hangs after successful select()" makes it sound more like its an OS issue than an inetd bug. That would be an important clarification, since it would affect other programs as well.
AB> AB> AB> You are EXACTLY correct ... I was a bit sloppy in my earlier Email AB> saying this was an inetd problem - in fact, the fix is NOT the inetd AB> executeable, but actually a patch to sockfs ... i.e. it is OS. AB> AB> I mentioned the inetd 'cause I can repeat the problem "using" that AB> utility and it's a fairly serious DOS when inetd dies. AB> AB> alek AB> AB> P.S. I'm getting "lame" responses from Sun on Solaris2.6 & 2.8 AB> equivelent patches for 109104-04 (2.7 ONLY) ... so if anyone on AB> this list has some "pull" with the Sun guys, you might nudge 'em AB> that they should really releases patches to this DOS for other OS's. AB>
Current thread:
- Possible DoS against inetd in Solaris Alla Bezroutchko (Nov 16)
- Re: Possible DoS against inetd in Solaris Larry W. Cashdollar (Nov 16)
- Re: Possible DoS against inetd in Solaris Vitaly McLain (Nov 16)
- Re: Possible DoS against inetd in Solaris El Nahual (Nov 16)
- Re: Possible DoS against inetd in Solaris Vitaly McLain (Nov 17)
- Re: Possible DoS against inetd in Solaris El Nahual (Nov 17)
- Re: Possible DoS against inetd in Solaris Larry W. Cashdollar (Nov 18)
- Re: Possible DoS against inetd in Solaris El Nahual (Nov 18)
- Re: Possible DoS against inetd in Solaris Vitaly McLain (Nov 17)
- Re: Possible DoS against inetd in Solaris Alla Bezroutchko (Nov 17)
- <Possible follow-ups>
- Re: Possible DoS against inetd in Solaris Andre Monteiro (Nov 22)