[11729] in bugtraq
remote DoS against inetd and ssh
daemon@ATHENA.MIT.EDU (Grzegorz Stelmaszek)
Wed Sep 8 00:55:50 1999
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id: <Pine.LNX.4.10.9909030845120.6553-100000@main.tenet.pl>
Date: Fri, 3 Sep 1999 08:54:50 +0200
Reply-To: Grzegorz Stelmaszek <greg@TENET.PL>
From: Grzegorz Stelmaszek <greg@TENET.PL>
X-To: bugtraq@securityfocus.com
To: BUGTRAQ@SECURITYFOCUS.COM
Hi,
At the beginning i'd like to excuse all of you if it is commonly well
known (hmm, i guess it is, but noone patched it ;>.
Both DoS`s use something known as portfuck (e.g. `while true; do telnet
host port & done`).
1. If you use it against any inetd service, inetd will shoutdown that
service for about 30 minutes (i did not checked, but it seems to be about
that time).
2. If you use it against sshd, you have 99% that you crash the mashine in
few seconds.
TESTED:
sshd-1.2.26 on Debian 2.0
sshd-1.2.27 on Debian 2.1
sshd-1.2.27 on RedHat 5.2
inetd - one provided with Debian 2.0/2.1/Redhat 5.2
all above platforms are VULNURABLE to this attack
COMPROMISE:
Allows any user to hang many machines in the Internet (i guess that only
these behind a firewall are secure ;>
SOLUTION:
propaply running in ulimit envirmont (like qmail does) should help and
additionally in inetd remove this strange 'protection'.
regards,
greg AKA VanitaS
***************************************************************************
* Grzegorz Stelmaszek * For my public PGP key:
* mailto:greg@tenet.pl * finger:greg@tenet.pl
* http://www.tenet.pl * 18 E9 5E 6D 78 F0 11 F2
****************************** 45 CF CF 63 77 C0 A4 20
