Lucene search
Copyright (C) 1999 Mathieu PerrinOPENVAS:1361412562310108029HistoryNov 03, 2005 - 12:00 a.m.
Check for Quote of the Day (qotd) Service (UDP)
2005-11-0300:00:00
Copyright (C) 1999 Mathieu Perrin
plugins.openvas.org
50
6.3 Medium
AI Score
Confidence
Low
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.875 High
EPSS
Percentile
98.6%
The Quote of the Day (qotd) service is running on this host.
# SPDX-FileCopyrightText: 1999 Mathieu Perrin
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.108029");
script_version("2023-08-03T05:05:16+0000");
script_tag(name:"last_modification", value:"2023-08-03 05:05:16 +0000 (Thu, 03 Aug 2023)");
script_tag(name:"creation_date", value:"2005-11-03 14:08:04 +0100 (Thu, 03 Nov 2005)");
script_tag(name:"cvss_base", value:"5.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:P");
script_cve_id("CVE-1999-0103");
script_name("Check for Quote of the Day (qotd) Service (UDP)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 1999 Mathieu Perrin");
script_family("Useless services");
script_dependencies("gb_qotd_detect_udp.nasl");
script_mandatory_keys("qotd/udp/detected");
script_tag(name:"summary", value:"The Quote of the Day (qotd) service is running on this host.");
script_tag(name:"insight", value:"A server listens for UDP datagrams on UDP port 17. When a
datagram is received, an answering datagram is sent containing a quote (the data in the received
datagram is ignored).
Remark: NIST don't see 'configuration issues' as software flaws so the referenced CVE has a
severity of 0.0. The severity of this VT has been raised by Greenbone to still report a
configuration issue on the target.");
script_tag(name:"solution", value:"- Under Unix systems, comment out the 'qotd' line in
/etc/inetd.conf and restart the inetd process
- Under Windows systems, set the following registry keys to 0 :
HKLM\System\CurrentControlSet\Services\SimpTCP\Parameters\EnableTcpQotd
HKLM\System\CurrentControlSet\Services\SimpTCP\Parameters\EnableUdpQotd
Then launch cmd.exe and type :
net stop simptcp
net start simptcp
To restart the service.");
script_tag(name:"impact", value:"An easy attack is 'pingpong' which IP spoofs a packet between two
machines running qotd. This will cause them to spew characters at each other, slowing the machines
down and saturating the network.");
script_tag(name:"solution_type", value:"Mitigation");
script_tag(name:"qod_type", value:"remote_banner");
exit(0);
}
include("port_service_func.inc");
port = service_get_port( default:17, proto:"qotd", ipproto:"udp" );
if( get_kb_item( "qotd/udp/" + port + "/detected" ) ) {
security_message( port:port, proto:"udp" );
exit( 0 );
}
exit( 99 );Related
ics
ics
Philips IntelliVue Information Center iX (Update B)
2018-10-11 12:00:00
cve
cve
nessus
nessus
Chargen UDP Service Remote DoS
1999-11-29 00:00:00
Quote of the Day (QOTD) Service Detection
1999-11-30 00:00:00
openvas
openvas
Check for Quote of the Day (qotd) Service (TCP)
2005-11-03 00:00:00
Check for Chargen Service (UDP)
2005-11-03 00:00:00
echo Service Reporting (TCP + UDP)
2018-10-23 00:00:00
debiancve
debiancve
CVE-2002-2443
2013-05-29 14:29:00
CVE-2014-0239
2014-05-28 04:58:00
prion
prion
Design/Logic Flaw
2014-05-28 04:58:00
ubuntucve
ubuntucve
CVE-2014-0239
2014-05-28 00:00:00
CVE-2002-2443
2013-05-10 00:00:00
freebsd
freebsd
6.3 Medium
AI Score
Confidence
Low
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.875 High
EPSS
Percentile
98.6%
Related for OPENVAS:1361412562310108029