This FLAW of xinetd package is not just a Denial of service vuln But the FLAW can
be EXPLOITED :) xinetd-2.1.8.9pre11-1 / xinetd-2.1.8.9pre10 etc....
The code uses a single-byte corruption of the fp. :)
printf("[*] Usage: %s -[h/t/o/s]\n", progname);
printf("[*] Options:\n"
"[-] -h Hostname\n"
"[-] -t Type\n"
"[-] -o Offset\n"
"[-] -s sc_addr_pos\n\n"
"[*] Available types:\n\n");
while(target[i].def != 69)
----- Original Message -----
From: "Mara,Meric B" <[EMAIL PROTECTED]>
Date: Tue, 3 Dec 2002 08:36:21 +0800
To: <[EMAIL PROTECTED]>
Subject: [plug] Fw: [RHSA-2002:196-19] Updated xinetd packages fix denial of service
vulnerability
>
> ----- Original Message -----
> From: <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
> Sent: Tuesday, December 03, 2002 4:38 AM
> Subject: [RHSA-2002:196-19] Updated xinetd packages fix denial of service
> vulnerability
>
>
> > ---------------------------------------------------------------------
> > Red Hat, Inc. Red Hat Security Advisory
> >
> > Synopsis: Updated xinetd packages fix denial of service
> vulnerability
> > Advisory ID: RHSA-2002:196-19
> > Issue date: 2002-09-06
> > Updated on: 2002-12-02
> > Product: Red Hat Linux
> > Keywords: xinetd file descriptor leak flaw:dos-release
> > Cross references:
> > Obsoletes:
> > CVE Names: CAN-2002-0871
> > ---------------------------------------------------------------------
> >
> > 1. Topic:
> >
> > Xinetd contains a denial-of-service (DoS) vulnerability.
> >
> > UPDATE 2002-12-02: Updated packages are available to fix issues
> encountered
> > with the previous errata packages.
> >
> > 2. Relevant releases/architectures:
> >
> > Red Hat Linux 7.0 - i386, alpha
> > Red Hat Linux 7.1 - i386, alpha, ia64
> > Red Hat Linux 7.2 - i386, ia64
> > Red Hat Linux 7.3 - i386
> > Red Hat Linux 8.0 - i386
> >
> > 3. Problem description:
> >
> > Xinetd is a secure replacement for inetd, the Internet services daemon.
> >
> > Versions of Xinetd prior to 2.3.7 leak file descriptors for the signal
> > pipe to services that are launched by xinetd. This could allow an attacker
> > to execute a DoS attack via the pipe. The Common Vulnerabilities and
> > Exposures project has assigned the name CAN-2002-0871 to this issue.
> >
> > Red Hat Linux 7.3 shipped with xinetd version 2.3.4 and is therefore
> > vulnerable to this issue. All users are advised to upgrade to the errata
> > packages which fix the vulnerability.
> >
> > Thanks to Solar Designer for discovering this issue.
> >
> > 4. Solution:
> >
> > Before applying this update, make sure all previously released errata
> > relevant to your system have been applied.
> >
> > To update all RPMs for your particular architecture, run:
> >
> > rpm -Fvh [filenames]
> >
> > where [filenames] is a list of the RPMs you wish to upgrade. Only those
> > RPMs which are currently installed will be updated. Those RPMs which are
> > not installed but included in the list will not be updated. Note that you
> > can also use wildcards (*.rpm) if your current directory *only* contains
> the
> > desired RPMs.
> >
> > Please note that this update is also available via Red Hat Network. Many
> > people find this an easier way to apply updates. To use Red Hat Network,
> > launch the Red Hat Update Agent with the following command:
> >
> > up2date
> >
> > This will start an interactive process that will result in the appropriate
> > RPMs being upgraded on your system.
> >
> > 5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla for more info):
> >
> > 74696 - Broken tcp_wrappers support
> > 76146 - xinetd 2.3.9 causes hanging CLOSE_WAIT connections
> > 77781 - xinetd stop serving the services because "Too many open files"
> >
> > 6. RPMs required:
> >
> > Red Hat Linux 7.0:
> >
> > SRPMS:
> > ftp://updates.redhat.com/7.0/en/os/SRPMS/xinetd-2.3.7-4.7x.src.rpm
> >
> > alpha:
> > ftp://updates.redhat.com/7.0/en/os/alpha/xinetd-2.3.7-4.7x.alpha.rpm
> >
> > i386:
> > ftp://updates.redhat.com/7.0/en/os/i386/xinetd-2.3.7-4.7x.i386.rpm
> >
> > Red Hat Linux 7.1:
> >
> > SRPMS:
> > ftp://updates.redhat.com/7.1/en/os/SRPMS/xinetd-2.3.7-4.7x.src.rpm
> >
> > alpha:
> > ftp://updates.redhat.com/7.1/en/os/alpha/xinetd-2.3.7-4.7x.alpha.rpm
> >
> > i386:
> > ftp://updates.redhat.com/7.1/en/os/i386/xinetd-2.3.7-4.7x.i386.rpm
> >
> > ia64:
> > ftp://updates.redhat.com/7.1/en/os/ia64/xinetd-2.3.7-4.7x.ia64.rpm
> >
> > Red Hat Linux 7.2:
> >
> > SRPMS:
> > ftp://updates.redhat.com/7.2/en/os/SRPMS/xinetd-2.3.7-4.7x.src.rpm
> >
> > i386:
> > ftp://updates.redhat.com/7.2/en/os/i386/xinetd-2.3.7-4.7x.i386.rpm
> >
> > ia64:
> > ftp://updates.redhat.com/7.2/en/os/ia64/xinetd-2.3.7-4.7x.ia64.rpm
> >
> > Red Hat Linux 7.3:
> >
> > SRPMS:
> > ftp://updates.redhat.com/7.3/en/os/SRPMS/xinetd-2.3.7-4.7x.src.rpm
> >
> > i386:
> > ftp://updates.redhat.com/7.3/en/os/i386/xinetd-2.3.7-4.7x.i386.rpm
> >
> > Red Hat Linux 8.0:
> >
> > SRPMS:
> > ftp://updates.redhat.com/8.0/en/os/SRPMS/xinetd-2.3.7-5.src.rpm
> >
> > i386:
> > ftp://updates.redhat.com/8.0/en/os/i386/xinetd-2.3.7-5.i386.rpm
> >
> >
> >
> > 7. Verification:
> >
> > MD5 sum Package Name
> > --------------------------------------------------------------------------
> > 38b5f218a384a7ba7cdc0168e2d5f892 7.0/en/os/SRPMS/xinetd-2.3.7-4.7x.src.rpm
> > ee9c54046762e1b3aa53d66da927f9ce
> 7.0/en/os/alpha/xinetd-2.3.7-4.7x.alpha.rpm
> > b4d37fb0fda2fa6606befda4cbd7d458 7.0/en/os/i386/xinetd-2.3.7-4.7x.i386.rpm
> > 38b5f218a384a7ba7cdc0168e2d5f892 7.1/en/os/SRPMS/xinetd-2.3.7-4.7x.src.rpm
> > ee9c54046762e1b3aa53d66da927f9ce
> 7.1/en/os/alpha/xinetd-2.3.7-4.7x.alpha.rpm
> > b4d37fb0fda2fa6606befda4cbd7d458 7.1/en/os/i386/xinetd-2.3.7-4.7x.i386.rpm
> > 569ae16839959297a167bf29e1fb5293 7.1/en/os/ia64/xinetd-2.3.7-4.7x.ia64.rpm
> > 38b5f218a384a7ba7cdc0168e2d5f892 7.2/en/os/SRPMS/xinetd-2.3.7-4.7x.src.rpm
> > b4d37fb0fda2fa6606befda4cbd7d458 7.2/en/os/i386/xinetd-2.3.7-4.7x.i386.rpm
> > 569ae16839959297a167bf29e1fb5293 7.2/en/os/ia64/xinetd-2.3.7-4.7x.ia64.rpm
> > 38b5f218a384a7ba7cdc0168e2d5f892 7.3/en/os/SRPMS/xinetd-2.3.7-4.7x.src.rpm
> > b4d37fb0fda2fa6606befda4cbd7d458 7.3/en/os/i386/xinetd-2.3.7-4.7x.i386.rpm
> > 07c7f1cedf7b9a20bad65815765d4ff2 8.0/en/os/SRPMS/xinetd-2.3.7-5.src.rpm
> > 26e6f6faec33503f3538a4ac80c82ce2 8.0/en/os/i386/xinetd-2.3.7-5.i386.rpm
> >
> >
> > These packages are GPG signed by Red Hat, Inc. for security. Our key
> > is available at http://www.redhat.com/about/contact/pgpkey.html
> >
> > You can verify each package with the following command:
> >
> > rpm --checksig -v <filename>
> >
> > If you only wish to verify that each package has not been corrupted or
> > tampered with, examine only the md5sum with the following command:
> >
> > md5sum <filename>
> >
> >
> > 8. References:
> >
> > http://www.xinetd.org/
> > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0871
> >
> > 9. Contact:
> >
> > The Red Hat security contact is <[EMAIL PROTECTED]>. More contact
> > details at http://www.redhat.com/solutions/security/news/contact.html
> >
> > Copyright(c) 2000, 2001, 2002 Red Hat, Inc.
> >
>
> _
> Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph
> To leave: send "unsubscribe" in the body to [EMAIL PROTECTED]
>
> Fully Searchable Archives With Friendly Web Interface at http://marc.free.net.ph
>
> To subscribe to the Linux Newbies' List: send "subscribe" in the body to
>[EMAIL PROTECTED]
>
--
__________________________________________________________
Sign-up for your own FREE Personalized E-mail at Mail.com
http://www.mail.com/?sr=signup
One click access to the Top Search Engines
http://www.exactsearchbar.com/mailcom
_
Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph
To leave: send "unsubscribe" in the body to [EMAIL PROTECTED]
Fully Searchable Archives With Friendly Web Interface at http://marc.free.net.ph
To subscribe to the Linux Newbies' List: send "subscribe" in the body to
[EMAIL PROTECTED]
