rwhod Remote Denial of Service Vulnerability

BugTraq ID: 2473
Remote: Yes
Date Published: 2001-03-12
Relevant URL: http://www.securityfocus.com/bid/2473

Summary:
The rwhod daemon maintains a table of logged-in users and other information from networked machines; this information is broadcast on the network. The FreeBSD implementation of this daemon (and possibly others, although this is unverified) fails to check the size of incoming rwhod packets (as defined by "struct whod" in the rwhod source code). Sending an unexpectedly short packet to a remote rwhod daemon, which normally listens on port 513 (UDP) when active, results in an error that crashes the rwhod daemon. Specifically, the subtraction in "(cc-WHDRSIZE)/sizeof(struct whoent)" (where cc is the size of the received data) is evaluated as an unsigned integer, so when cc < WHDRSIZE the negative difference wraps and a later comparison fails. Although a failure of this daemon does not directly affect other operating system functions and does not provide any privilege elevation, it constitutes unexpected behavior; other components (if any) that rely on rwhod may also fail.
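The arithmetic the advisory points at, shown beside a hardened length check. This is an added illustration, not rwhod's own code: the struct whod and struct whoent layouts below are constructed, simplified stand-ins (the real ones in rwhod.h are larger), WHDRSIZE is derived the same way rwhod derives it (whole struct minus the entry array), and parse_whod_entries is a hypothetical name for the checked parser.

```c
#include <assert.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed, simplified stand-ins for rwhod's on-the-wire structures.
 * The real "struct whod" / "struct whoent" carry more fields; the layout
 * here is an assumption chosen only so the size arithmetic is visible. */
struct whoent {
    char    we_user[8];
    int32_t we_idle;
};

struct whod {
    char          wd_hostname[32];   /* fixed header part ...              */
    int32_t       wd_loadav[3];
    struct whoent wd_we[8];          /* ... then a variable number of entries */
};

/* Fixed header size = whole struct minus the trailing entry array. */
#define WHDRSIZE ((int)(sizeof(struct whod) - sizeof(((struct whod *)0)->wd_we)))

/* Vulnerable pattern from the advisory: cc (bytes received) minus the header
 * size, divided by sizeof(struct whoent). sizeof yields size_t, so the whole
 * expression is evaluated unsigned; when cc < WHDRSIZE the negative difference
 * wraps to a huge count and the entry loop would run far past the buffer. */
size_t entry_count_unchecked(int cc) {
    return (cc - WHDRSIZE) / sizeof(struct whoent);
}

/* Hardened form: validate the datagram length before any arithmetic.
 * Copies the complete entries into `out` and returns how many there were,
 * or -1 if the datagram is shorter than the header, larger than a whod,
 * ends in a partial entry, or carries more entries than `out` can hold. */
long parse_whod_entries(const unsigned char *buf, int cc,
                        struct whoent *out, size_t max_out) {
    if (buf == NULL || cc < WHDRSIZE)
        return -1;                               /* short packet: reject early */
    if ((size_t)cc > sizeof(struct whod))
        return -1;                               /* larger than any valid whod */
    size_t body = (size_t)cc - (size_t)WHDRSIZE; /* now provably non-negative  */
    if (body % sizeof(struct whoent) != 0)
        return -1;                               /* truncated final entry      */
    size_t n = body / sizeof(struct whoent);
    if (n > max_out)
        return -1;                               /* would overflow caller's array */
    memcpy(out, buf + WHDRSIZE, body);
    return (long)n;
}

/* Constructed sample datagram buffer (zeroed) and output array for demos/tests. */
unsigned char sample_datagram[sizeof(struct whod)];
struct whoent parsed_entries[8];

int main(void) {
    int short_cc = WHDRSIZE - 1;                              /* one byte short   */
    int good_cc  = WHDRSIZE + 2 * (int)sizeof(struct whoent); /* header + 2 entries */

    printf("unchecked count for %d bytes: %zu (wrapped)\n",
           short_cc, entry_count_unchecked(short_cc));
    printf("checked count for %d bytes: %ld\n", short_cc,
           parse_whod_entries(sample_datagram, short_cc, parsed_entries, 8));
    printf("checked count for %d bytes: %ld\n", good_cc,
           parse_whod_entries(sample_datagram, good_cc, parsed_entries, 8));
    return 0;
}
```

The unchecked function returns a count far larger than the buffer could ever hold for a 43-byte input; the checked one rejects it before dividing. The same early `cc < WHDRSIZE` test is the fix for any parser that subtracts a header length from a received byte count inside an unsigned expression.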
