Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Slackware 8.1 / 9.0 / current : inetd DoS patched (SSA:2003-251-01)

🗓️ 13 Jul 2005 00:00:00Reported by TenableType 
nessus
 nessus🔗 www.tenable.com👁 12 Views

inetd DoS patched for Slackware 8.1, 9.0, and -current to remove hard-coded connection limit and protect against simple DoS attac

Refs
Code
SourceLink
nessuswww.nessus.org/u
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Slackware Security Advisory 2003-251-01. The text 
# itself is copyright (C) Slackware Linux, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(18736);
  script_version("1.15");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");

  script_xref(name:"SSA", value:"2003-251-01");

  script_name(english:"Slackware 8.1 / 9.0 / current : inetd DoS patched (SSA:2003-251-01)");
  script_summary(english:"Checks for updated package in /var/log/packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Slackware host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Upgraded inetd packages are available for Slackware 8.1, 9.0 and -
-current. These fix a previously hard-coded limit of 256
connections-per-minute, after which the given service is disabled for
ten minutes. An attacker could use a quick burst of connections every
ten minutes to effectively disable a service. Once upon a time, this
was an intentional feature of inetd, but in today's world it has
become a bug. Even having inetd look at the source IP and try to limit
only the source of the attack would be problematic since TCP source
addresses are so easily faked. So, the approach we have taken
(borrowed from FreeBSD) is to disable this rate limiting 'feature' by
default. It can be reenabled by providing a -R <rate> option on the
command-line if desired, but for obvious reasons we do not recommend
this. Any site running services through inetd that they would like
protected from this simple DoS attack should upgrade to the new inetd
package immediately."
  );
  # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2003&m=slackware-security.418022
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?b095c6ea"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected inetd package.");
  script_set_attribute(attribute:"risk_factor", value:"High");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:inetd");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:8.1");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:9.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2003/09/08");
  script_set_attribute(attribute:"plugin_publication_date", value:"2005/07/13");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.");
  script_family(english:"Slackware Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Slackware/release", "Host/Slackware/packages");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("slackware.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Slackware/release")) audit(AUDIT_OS_NOT, "Slackware");
if (!get_kb_item("Host/Slackware/packages")) audit(AUDIT_PACKAGE_LIST_MISSING);


cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Slackware", cpu);


flag = 0;
if (slackware_check(osver:"8.1", pkgname:"inetd", pkgver:"1.79s", pkgarch:"i386", pkgnum:"2")) flag++;

if (slackware_check(osver:"9.0", pkgname:"inetd", pkgver:"1.79s", pkgarch:"i386", pkgnum:"2")) flag++;

if (slackware_check(osver:"current", pkgname:"inetd", pkgver:"1.79s", pkgarch:"i486", pkgnum:"2")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
14 Jan 2021 00:00Current
5.3Medium risk
Vulners AI Score5.3
inetdslackwaredosattackpatchedsecurityissue
12