[1391] in linux-security and linux-alert archive
[linux-security] Re: Re: dos-attack on inetd.
daemon@ATHENA.MIT.EDU (David Holland)
Fri Jan 17 08:11:03 1997
From: David Holland <dholland@eecs.harvard.edu>
To: linux-security@redhat.com
Date: Thu, 16 Jan 1997 15:16:52 -0500 (EST)
Cc: trident@unix.pp.se
In-Reply-To: <Pine.LNX.3.95.970116132636.5320A-100000@ufp.in-trier.de> from "Bernhard Rosenkraenzer" at Jan 16, 97 01:27:25 pm
Resent-From: linux-security@redhat.com
Reply-To: linux-security@redhat.com
> > I discovered a bug in the inetd that comes with NetKit-B-0-08 and older.
> >
> > If a single SYN is sent to port 13 of the server, inetd will die of Broken
> > Pipe:
>
> Try the gnu inetutils (1.2f, as found of alpha.gnu.ai.mit.edu/gnu will
> work with Linux). Shouldn't have this bug.
Far as I can tell, it does. Worse, it has all sorts of other bugs that
the netkit fixed ages and ages ago, including at least one remote root
leak with a published exploit.
So... use gnu inetutils at your peril.
--
- David A. Holland | VINO project home page:
dholland@eecs.harvard.edu | http://www.eecs.harvard.edu/vino