DG/UX inetd Service Exhaustion Denial of Service
BID:1071
Info
DG/UX inetd Service Exhaustion Denial of Service
| Bugtraq ID: | 1071 |
| Class: | Failure to Handle Exceptional Conditions |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 16 2000 12:00AM |
| Updated: | Mar 16 2000 12:00AM |
| Credit: | This vulnerability was posted to the Bugtraq mailing list on March 16, 2000 by The Unicorn <[email protected]> |
| Vulnerable: |
Data General DG/UX 5.4 R4.20U05 Data General DG/UX 5.4 R4.20U04 Data General DG/UX 5.4 R4.11MU06 Data General DG/UX 5.4 R3.10 |
| Not Vulnerable: |
Data General DG/UX 5.4 R4.20MU04B2 |
Discussion
DG/UX inetd Service Exhaustion Denial of Service
A Denial of service (DoS) attack is possible with the default version of inetd distributed with Data General's DG/UX operating system. By performing a scan utilizing nmap's OS detection option (-O), the inetd daemon is put in a state where it will no longer spawn new services without being restarted.
A Denial of service (DoS) attack is possible with the default version of inetd distributed with Data General's DG/UX operating system. By performing a scan utilizing nmap's OS detection option (-O), the inetd daemon is put in a state where it will no longer spawn new services without being restarted.
Exploit / POC
DG/UX inetd Service Exhaustion Denial of Service
nmap -O -p 21 <target>
or
nmap -v -O -sS -p1-1023 <target>
nmap -O -p 21 <target>
or
nmap -v -O -sS -p1-1023 <target>
Solution / Fix
DG/UX inetd Service Exhaustion Denial of Service
Solution:
Patches are available from Data General
Data General DG/UX 5.4 R4.20U05
Data General DG/UX 5.4 R4.20U04
Solution:
Patches are available from Data General
Data General DG/UX 5.4 R4.20U05
Data General DG/UX 5.4 R4.20U04
References
DG/UX inetd Service Exhaustion Denial of Service
References:
References: