Netkit RWho Packet Size Denial Of Service Vulnerability

BID:12524

Info

Netkit RWho Packet Size Denial Of Service Vulnerability

Bugtraq ID: 12524
Class: Failure to Handle Exceptional Conditions
CVE: CVE-2004-1180
Remote: Yes
Local: No
Published: Feb 11 2005 12:00AM
Updated: Jul 12 2009 10:06AM
Credit: Discovery is credited to Vlad902.
Vulnerable: Netkit Linux Netkit 0.17
+ Caldera OpenLinux 2.4
+ Caldera OpenLinux 2.3
+ Debian Linux 3.0 sparc
 + Debian Linux 3.0 s/390
 + Debian Linux 3.0 ppc
 + Debian Linux 3.0 mipsel
 + Debian Linux 3.0 mips
 + Debian Linux 3.0 m68k
 + Debian Linux 3.0 ia-64
 + Debian Linux 3.0 ia-32
 + Debian Linux 3.0 hppa
 + Debian Linux 3.0 arm
 + Debian Linux 3.0 alpha
 + Debian Linux 3.0
+ Gentoo Linux
+ Redhat Desktop 4.0
+ Redhat Desktop 3.0
+ Redhat Enterprise Linux AS 4
 + Redhat Enterprise Linux AS 3
 + Redhat Enterprise Linux AS 2.1 IA64
 + Redhat Enterprise Linux AS 2.1
 + Redhat Enterprise Linux ES 4
 + Redhat Enterprise Linux ES 3
 + Redhat Enterprise Linux ES 2.1 IA64
 + Redhat Enterprise Linux ES 2.1
 + Redhat Enterprise Linux WS 4
 + Redhat Enterprise Linux WS 3
 + Redhat Enterprise Linux WS 2.1 IA64
 + Redhat Enterprise Linux WS 2.1
 + Redhat Linux 7.1 i386
 + Redhat Linux 7.1 alpha
 + Redhat Linux 7.1
+ Redhat Linux 7.0 sparc
 + Redhat Linux 7.0 i386
 + Redhat Linux 7.0 alpha
 + Redhat Linux 7.0
+ SCO eDesktop 2.4
+ SCO eServer 2.3.1
+ Sun Solaris 9_x86 Update 2
 + Sun Solaris 9_x86
 + Sun Solaris 9
 + Sun Solaris 8_x86
 + Sun Solaris 8_sparc
 + Sun Solaris 7.0_x86
 + Sun Solaris 7.0
 + Sun Solaris 10
 + Ubuntu Ubuntu Linux 4.1 ppc
 + Ubuntu Ubuntu Linux 4.1 ia64
 + Ubuntu Ubuntu Linux 4.1 ia32
 Mandriva Linux Mandrake 10.1 x86_64
Mandriva Linux Mandrake 10.1
Mandriva Linux Mandrake 10.0 AMD64
Mandriva Linux Mandrake 10.0
MandrakeSoft Corporate Server 2.1 x86_64
MandrakeSoft Corporate Server 2.1
Not Vulnerable:

Discussion

Netkit RWho Packet Size Denial Of Service Vulnerability

The Netkit rwho daemon is prone to a denial of service vulnerability. This condition occurs when the server processes packets with malformed sizes.

The vulnerability is only reported to affect the software running on little endian platforms.

It is not known if this condition is due to a boundary condition error or if it may further be leveraged to execute arbitrary code.

Exploit / POC

Netkit RWho Packet Size Denial Of Service Vulnerability

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.

Solution / Fix

Netkit RWho Packet Size Denial Of Service Vulnerability

Solution:
Debian has released advisory DSA 678-1 to address this issue. Please see the attached advisory for details on obtaining and applying fixes.

Mandrake Linux has released advisory MDKSA-2005:039 to address this issue. Please see the attached advisory for details on obtaining and applying fixes.


Netkit Linux Netkit 0.17

References

Netkit RWho Packet Size Denial Of Service Vulnerability

References:
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

Free CVE JSON API cve.report/api

CVE.report and Source URL Uptime Status status.cve.report