[1373] in linux-security and linux-alert archive

home help back first fref pref prev next nref lref last post

[linux-security] dos-attack on inetd.

daemon@ATHENA.MIT.EDU (Magnus Bergman)
Wed Jan 15 02:19:42 1997

Date: Sun, 12 Jan 1997 22:30:31 +0100 (MET)
From: Magnus Bergman <trident@unix.pp.se>
Reply-To: Magnus Bergman <trident@unix.pp.se>
To: linux-security@redhat.com
Resent-From: linux-security@redhat.com

Hi.

I don't know if this one is known, but I can't recall seeing anything
about it. If it is old news I apologize.

I discovered a bug in the inetd that comes with NetKit-B-0-08 and older.

If a single SYN is sent to port 13 of the server, inetd will die of Broken
Pipe:

write(3, "Sun Jan 12 21:50:35 1997\r\n", 26) = -1 EPIPE (Broken pipe)
--- SIGPIPE (Broken pipe) ---

I am no C-guru but I think this patch to inetd would fix it without adding
any other problems:

1426c1426,1427
< 	sprintf(buffer, "%.24s\r\n", ctime(&clocc));
---
> 	(void) sprintf(buffer, "%.24s\r\n", ctime(&clocc));
> 	signal(SIGPIPE, SIG_IGN);
1427a1429
> 	signal(SIGPIPE, 13);

Correct me if I am wrong... :)

Regards //Tri

[mod: This looks like a quick hack to me. How can a USER process like
inetd get a socket to play with when the 3-way handshake hasn't been
completed? -- REW]


home help back first fref pref prev next nref lref last post