Slackware 8.1 / 9.0 / current : inetd DoS patched (SSA:2003-251-01)
High Nessus Plugin ID 18736
Synopsis
The remote Slackware host is missing a security update.
Description
Upgraded inetd packages are available for Slackware 8.1, 9.0 and -current. These fix a previously hard-coded limit of 256 connections per minute, after which the given service is disabled for ten minutes. An attacker could use a quick burst of connections every ten minutes to effectively disable a service. Once upon a time, this was an intentional feature of inetd, but in today's world it has become a bug.

Even having inetd look at the source IP and try to limit only the source of the attack would be problematic, since TCP source addresses are so easily faked. So, the approach we have taken (borrowed from FreeBSD) is to disable this rate-limiting "feature" by default. It can be re-enabled by providing a -R <rate> option on the command line if desired, but for obvious reasons we do not recommend this. Any site running services through inetd that they would like protected from this simple DoS attack should upgrade to the new inetd package immediately.
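To make the advisory's arithmetic concrete, the following is an added model of the pre-fix inetd behaviour, written for this page rather than taken from Slackware or from the inetd sources. The 256-per-minute limit and the ten-minute disable period come from the advisory text; the sizes and timing of the attacker's bursts, the legitimate client's connection interval, and the class and function names are assumptions made for the simulation. Passing `toomany=0` models the new default (limit off); a positive value models the `-R <rate>` option.

```python
"""Model of inetd's per-service connection rate limit as described in
SSA:2003-251-01.  Added example, not inetd's or Slackware's own code."""

TOOMANY_DEFAULT = 256   # connections per minute before the service is disabled (advisory)
CNT_INTVL = 60          # counting window in seconds (advisory: "per minute")
RETRYTIME = 10 * 60     # seconds a tripped service stays disabled (advisory: ten minutes)


class RateLimitedService:
    """One inetd service entry.  toomany=0 models the fixed default where the
    limit is off; toomany>0 models the old hard-coded limit or -R <rate>."""

    def __init__(self, toomany=TOOMANY_DEFAULT):
        self.toomany = toomany
        self.count = 0              # connections seen in the current window
        self.window_start = None    # time the current window opened
        self.disabled_until = None  # if set, no server is spawned before this time

    def connect(self, now):
        """Return True if inetd would spawn the server for a connection at `now`."""
        if self.disabled_until is not None:
            if now < self.disabled_until:
                return False
            # retry period elapsed: re-enable and start counting afresh
            self.disabled_until = None
            self.count = 0
            self.window_start = None
        if self.toomany > 0:
            if self.window_start is None or now - self.window_start > CNT_INTVL:
                self.window_start = now
                self.count = 0
            self.count += 1
            if self.count >= self.toomany:
                # inetd counts per service, not per source, so spoofed
                # addresses are as good as real ones for tripping this
                self.disabled_until = now + RETRYTIME
                return False
        return True


def simulate(toomany, duration=3600, burst_every=RETRYTIME, legit_every=30):
    """Attacker sends one burst per retry period; a legitimate client connects
    every `legit_every` seconds.  Returns a dict of what got through.
    The burst size and timings are assumptions for this example."""
    svc = RateLimitedService(toomany)
    events = []
    # The attacker sends a burst sized to trip the limit; with the limit off
    # the same traffic is sent but has no effect on availability.
    burst = toomany if toomany > 0 else TOOMANY_DEFAULT
    for t in range(0, duration, burst_every):
        events += [(t, "attacker")] * burst
    # Legitimate connections are offset so they never coincide with a burst.
    for t in range(legit_every // 2, duration, legit_every):
        events.append((t, "legit"))
    events.sort(key=lambda e: e[0])  # stable: attacker events stay first on ties

    served = {"attacker": 0, "legit": 0}
    total = {"attacker": 0, "legit": 0}
    for t, who in events:
        total[who] += 1
        if svc.connect(t):
            served[who] += 1
    return {
        "legit_served": served["legit"],
        "legit_total": total["legit"],
        "attacker_connections": total["attacker"],
        "attacker_rate_per_sec": total["attacker"] / duration,
    }


if __name__ == "__main__":
    print("old default (256/min):", simulate(256))
    print("new default (limit off):", simulate(0))
```

Over a simulated hour the old default lets the attacker shut the service out completely for every legitimate client while averaging well under one connection per second, which is why the advisory calls it a bug and why re-enabling it with -R only changes the burst size an attacker needs.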
Solution
Update the affected inetd package.