S.u.S.E. in.identd Denial of Service Vulnerability
BID:2015
Info
S.u.S.E. in.identd Denial of Service Vulnerability
| Bugtraq ID: | 2015 |
| Class: | Failure to Handle Exceptional Conditions |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Nov 29 2000 12:00AM |
| Updated: | Nov 29 2000 12:00AM |
| Credit: | First posted to Bugtraq by Niels Heinen <[email protected]> on Nov 29, 2000. Additional information posted to Bugtraq by Roman Drahtmueller <[email protected]>. |
| Vulnerable: |
SuSE Linux 7.0 SuSE Linux 6.4 SuSE Linux 6.3 SuSE Linux 6.2 SuSE Linux 6.1 SuSE Linux 6.0 |
| Not Vulnerable: | |
Discussion
S.u.S.E. in.identd Denial of Service Vulnerability
The in.identd service is used to provide remote systems with usernames associated with tcp connection port pairs. The version of in.identd that ships with S.u.S.E. Linux contains a remotely exploitable denial of service vulnerability that may result in the service crashing.
Though the denial of service is the result of oversized input recieved by the server, it is not an overflow. What happens is that the identd server realizes that the input is too long and changes the value of some pointer to NULL. The server then attempts to dereference this pointer and terminates due to a segmentation violation.
The S.u.S.E. ident daemon is multithreaded and is not spawned via inetd. There is only one in.identd process started, usually by init. As a result, if it is terminated it is not restarted. A denial of the identd service occurs until manually restarted.
The in.identd service is used to provide remote systems with usernames associated with tcp connection port pairs. The version of in.identd that ships with S.u.S.E. Linux contains a remotely exploitable denial of service vulnerability that may result in the service crashing.
Though the denial of service is the result of oversized input recieved by the server, it is not an overflow. What happens is that the identd server realizes that the input is too long and changes the value of some pointer to NULL. The server then attempts to dereference this pointer and terminates due to a segmentation violation.
The S.u.S.E. ident daemon is multithreaded and is not spawned via inetd. There is only one in.identd process started, usually by init. As a result, if it is terminated it is not restarted. A denial of the identd service occurs until manually restarted.
Solution / Fix
S.u.S.E. in.identd Denial of Service Vulnerability
Solution:
Until a fix is released, Roman Drahtmueller <[email protected]> suggests (a patch is forthecoming):
In the meanwhile, you may want to disable the service by changing
START_IDENTD="yes" # default
to
START_IDENTD="no"
in /etc/rc.config and by killing the daemon: `killall in.identd´. Thanks to Niels for pointing this out, too.
Currently the SecurityFocus staff are not ware of any vendor supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Solution:
Until a fix is released, Roman Drahtmueller <[email protected]> suggests (a patch is forthecoming):
In the meanwhile, you may want to disable the service by changing
START_IDENTD="yes" # default
to
START_IDENTD="no"
in /etc/rc.config and by killing the daemon: `killall in.identd´. Thanks to Niels for pointing this out, too.
Currently the SecurityFocus staff are not ware of any vendor supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].