[6473] in bugtraq
[Fwd: BSDI inetd crash]
daemon@ATHENA.MIT.EDU (Andrew Lun)
Wed Apr 8 02:44:28 1998
Date: Wed, 8 Apr 1998 09:33:52 +0400
Reply-To: Andrew Lun <lunix@ARTELECOM.RU>
From: Andrew Lun <lunix@ARTELECOM.RU>
To: BUGTRAQ@NETSPACE.ORG
BSDI-2.1 is vulnerable too.
Mark Schaefer wrote:
>
> This is a serious bug in BSDI 3.1 servers. One of my coworkers was
> playing with the nmap utility which was mentioned here the other day, and
> he managed to crash inetd on our servers. We quickly duplicated the
> attack against a Linux box running RedHat 4.2, and it did not happen. I
> tried again, myself, on a non-critical BSDI 3.1 server. It happened
> again.
>
> The nmap command line used was (as a non-priviledged user):
> ./nmap -p 1-64000 -i <target host>
>
> I notified BSDI and they suggested that I remove the "tcpmux" entry from
> the /etc/inetd.conf file. After doing this, and attempting the attack
> again, it did not result in a crash of inetd. It was also mentioned that
> patch M310-009 should have fixed this. I tried the attack again, with
> this new patch, and without tcpmux commented out, and it still didn't
> crash inetd.
>
> I would recommend patching up to M310-009, or commenting out this servince
> in tcpmux, which you should probably do anyway unless you know you're
> using it.
>
> Nmap can be obtained from: http://www.dhp.com/~fyodor/nmap
>
> Mark Schaefer The Brigade Quake Clan http://www.thebrigade.com
> System Administrator Email me, it's faster, better, AND cheaper.
> Florida Internet Corporation Annex BBS telnet://bbs.annex.net
> (561)615-0001 Bell Labs Unix -- Reach out and grep someone.
> icq:2991916 Erwyn's AntiSpam Page http://www.flinet.com/~erwyn/spam/
--
lu
