[1373] in linux-security and linux-alert archive
[linux-security] dos-attack on inetd.
daemon@ATHENA.MIT.EDU (Magnus Bergman)
Wed Jan 15 02:19:42 1997
Date: Sun, 12 Jan 1997 22:30:31 +0100 (MET)
From: Magnus Bergman <trident@unix.pp.se>
Reply-To: Magnus Bergman <trident@unix.pp.se>
To: linux-security@redhat.com
Resent-From: linux-security@redhat.com
Hi.
I don't know if this one is known, but I can't recall seeing anything
about it. If it is old news I apologize.
I discovered a bug in the inetd that comes with NetKit-B-0-08 and older.
If a single SYN is sent to port 13 of the server, inetd will die of Broken
Pipe:
write(3, "Sun Jan 12 21:50:35 1997\r\n", 26) = -1 EPIPE (Broken pipe)
--- SIGPIPE (Broken pipe) ---
I am no C-guru but I think this patch to inetd would fix it without adding
any other problems:
1426c1426,1427
< sprintf(buffer, "%.24s\r\n", ctime(&clocc));
---
> (void) sprintf(buffer, "%.24s\r\n", ctime(&clocc));
> signal(SIGPIPE, SIG_IGN);
1427a1429
> signal(SIGPIPE, 13);
Correct me if I am wrong... :)
Regards //Tri
[mod: This looks like a quick hack to me. How can a USER process like
inetd get a socket to play with when the 3-way handshake hasn't been
completed? -- REW]