Slackware 8.1 / 9.0 / current : inetd DoS patched (SSA:2003-251-01)

high Nessus Plugin ID 18736

Synopsis

The remote Slackware host is missing a security update.

Description

Upgraded inetd packages are available for Slackware 8.1, 9.0 and -current. These fix a previously hard-coded limit of 256 connections-per-minute, after which the given service is disabled for ten minutes. An attacker could use a quick burst of connections every ten minutes to effectively disable a service. Once upon a time, this was an intentional feature of inetd, but in today's world it has become a bug. Even having inetd look at the source IP and try to limit only the source of the attack would be problematic since TCP source addresses are so easily faked. So, the approach we have taken (borrowed from FreeBSD) is to disable this rate limiting 'feature' by default. It can be re-enabled by providing a -R <rate> option on the command-line if desired, but for obvious reasons we do not recommend this. Any site running services through inetd that they would like protected from this simple DoS attack should upgrade to the new inetd package immediately.

Solution

Update the affected inetd package.

See Also

http://www.nessus.org/u?b095c6ea

Plugin Details

Severity: High

ID: 18736

File Name: Slackware_SSA_2003-251-01.nasl

Version: 1.15

Type: local

Published: 7/13/2005

Updated: 1/14/2021

Supported Sensors: Nessus

Vulnerability Information

CPE: p-cpe:/a:slackware:slackware_linux:inetd, cpe:/o:slackware:slackware_linux, cpe:/o:slackware:slackware_linux:8.1, cpe:/o:slackware:slackware_linux:9.0

Required KB Items: Host/local_checks_enabled, Host/Slackware/release, Host/Slackware/packages

Patch Publication Date: 9/8/2003

Reference Information

SSA: 2003-251-01