Re: 11 years of inetd default insecurity?

From: Darren Pilgrim (dmp_at_bitfreak.org)
Date: 09/09/03

    Date: Tue, 9 Sep 2003 10:17:12 -0700
    To: 3APA3A <3APA3A@SECURITY.NNOV.RU>
    
    

    On 2003.09.06 18:08:22 +0400, 3APA3A <3APA3A@SECURITY.NNOV.RU> wrote:
    > II. Who is vulnerable
    >
    > Any system shipped with network daemons launched through inetd
    > (FreeBSD, SuSE, Red Hat, etc.).

    FreeBSD doesn't run anything through inetd by default. You have to
    manually edit inetd.conf to enable anything, and there is a warning
    screen during the install process about doing so.

    Additionally, FreeBSD's stock inetd has the following options:

         -c maximum
                 Specify the default maximum number of simultaneous
                 invocations of each service; the default is unlimited.
                 May be overridden on a per-service basis with the
                 "max-child" parameter.

         -C rate
                 Specify the default maximum number of times a service can
                 be invoked from a single IP address in one minute; the
                 default is unlimited. May be overridden on a per-service
                 basis with the "max-connections-per-ip-per-minute"
                 parameter.

         -R rate
                 Specify the maximum number of times a service can be
                 invoked in one minute; the default is 256. A rate of 0
                 allows an unlimited number of invocations.

         -s maximum
                 Specify the default maximum number of simultaneous
                 invocations of each service from a single IP address; the
                 default is unlimited. May be overridden on a per-service
                 basis with the "max-child-per-ip" parameter.


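The limits listed above are only as good as the inetd.conf lines they apply to: a per-service "max-child" or "max-child-per-ip" value overrides the -c/-s defaults, and a service that sets neither inherits whatever inetd was started with (unlimited, unless rc.conf passes -c/-C/-s). The following audit script is an added example, not part of Darren Pilgrim's message or of FreeBSD; it parses a constructed inetd.conf, applies the -c/-C/-R/-s defaults from an inetd command line, and reports enabled services whose effective limits are still unlimited. The sample configuration and the "-wW -C 60" flag string (assumed here to be the stock rc.conf default) are constructed for illustration.

```python
"""Audit inetd.conf rate limits (added example; not from the original post).

FreeBSD inetd lets the wait/nowait field carry max-child,
max-connections-per-ip-per-minute and max-child-per-ip separated by
slashes ("nowait/10/5/3"); services that omit them inherit inetd's
-c/-C/-s defaults, and -R caps invocations per minute for every service.
"""
from dataclasses import dataclass
from typing import Optional

# Constructed sample, not a real inetd.conf: ftp is commented out (disabled),
# telnet sets all three per-service limits, ssh and daytime set none.
SAMPLE_CONF = """\
#ftp    stream  tcp     nowait  root    /usr/libexec/ftpd       ftpd -l
ssh     stream  tcp     nowait  root    /usr/sbin/sshd          sshd -i
telnet  stream  tcp     nowait/10/5/3 root /usr/libexec/telnetd telnetd
daytime stream  tcp     nowait  root    internal
"""


@dataclass
class Service:
    name: str
    socket_type: str
    proto: str
    wait: str
    max_child: Optional[int]            # None -> fall back to -c (unlimited)
    max_conn_per_ip_min: Optional[int]  # None -> fall back to -C (unlimited)
    max_child_per_ip: Optional[int]     # None -> fall back to -s (unlimited)
    user: str
    program: str


def parse_wait_field(field: str):
    """'nowait/10/5/3' -> ('nowait', 10, 5, 3); absent parts become None."""
    parts = field.split("/")
    limits = [int(p) if p else None for p in parts[1:4]]
    limits += [None] * (3 - len(limits))
    return parts[0], limits[0], limits[1], limits[2]


def parse_inetd_conf(text: str):
    """Return the enabled (uncommented) services of an inetd.conf."""
    services = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # service socket-type protocol wait[/limits] user program [args]
        fields = line.split(None, 6)
        if len(fields) < 6:
            continue  # malformed; inetd would log and skip it too
        wait, mc, mcpi, mcpip = parse_wait_field(fields[3])
        services.append(Service(fields[0], fields[1], fields[2], wait,
                                mc, mcpi, mcpip, fields[4], fields[5]))
    return services


def parse_inetd_flags(flags: str):
    """Pick the -c/-C/-R/-s defaults out of an inetd command line."""
    defaults = {"c": None, "C": None, "R": 256, "s": None}  # None = unlimited
    tokens = flags.split()
    for i, tok in enumerate(tokens):
        if tok in ("-c", "-C", "-R", "-s") and i + 1 < len(tokens):
            defaults[tok[1]] = int(tokens[i + 1])
    if defaults["R"] == 0:
        defaults["R"] = None  # "-R 0" means unlimited
    return defaults


def effective_limits(svc: Service, defaults: dict):
    """Per-service value if set, else the daemon-wide default."""
    pick = lambda own, key: own if own is not None else defaults[key]
    return {
        "max_child": pick(svc.max_child, "c"),
        "per_ip_per_min": pick(svc.max_conn_per_ip_min, "C"),
        "per_min": defaults["R"],
        "per_ip": pick(svc.max_child_per_ip, "s"),
    }


def audit(conf_text: str, flags: str):
    """Return {service: [problems]} for enabled services with unlimited limits."""
    defaults = parse_inetd_flags(flags)
    findings = {}
    for svc in parse_inetd_conf(conf_text):
        lim = effective_limits(svc, defaults)
        problems = []
        # wait-style services run one child at a time, so only nowait
        # services can fork without bound
        if svc.wait == "nowait" and lim["max_child"] is None:
            problems.append("unlimited simultaneous children")
        if lim["per_ip_per_min"] is None:
            problems.append("no per-IP rate limit")
        if svc.wait == "nowait" and lim["per_ip"] is None:
            problems.append("no per-IP child limit")
        if problems:
            findings[svc.name] = problems
    return findings


if __name__ == "__main__":
    for name, problems in audit(SAMPLE_CONF, "-wW -C 60").items():
        print(f"{name}: {', '.join(problems)}")
```

Run against a real system with `audit(open("/etc/inetd.conf").read(), inetd_flags)` where inetd_flags is the value from rc.conf; with the assumed "-wW -C 60" default only the per-IP-per-minute check is satisfied, so every service that does not set its own "max-child" and "max-child-per-ip" is reported.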