| Reporter | Title | Published | Views | Family All 29 |
|---|---|---|---|---|
| Chargen UDP Service Remote DoS | 29 Nov 199900:00 | – | nessus | |
| Echo Service Detection | 22 Jun 199900:00 | – | nessus | |
| MiracleLinux 4 : krb5-1.10.3-10.AXS4.3 (AXSA:2013-477:03) | 16 Jan 202600:00 | – | nessus | |
| MiracleLinux 4 : krb5-1.10.3-10.AXS4.3 (AXSA:2013-483:04) | 16 Jan 202600:00 | – | nessus | |
| MiracleLinux 3 : krb5-1.6.1-70.AXS3.2 (AXSA:2013-533:01) | 16 Jan 202600:00 | – | nessus | |
| Quote of the Day (QOTD) Service Detection | 30 Nov 199900:00 | – | nessus | |
| Oracle Solaris Third-Party Patch Update : kerberos (cve_2002_2443_denial_of) | 19 Jan 201500:00 | – | nessus | |
| CVE-1999-0103 | 29 May 201815:50 | – | circl | |
| CVE-1999-0103 | 29 Sep 199904:00 | – | cve | |
| CVE-1999-0639 | 4 Feb 200005:00 | – | cve |
# SPDX-FileCopyrightText: 1999 Mathieu Perrin
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.108030");
script_version("2023-09-12T05:05:19+0000");
script_tag(name:"last_modification", value:"2023-09-12 05:05:19 +0000 (Tue, 12 Sep 2023)");
script_tag(name:"creation_date", value:"2005-11-03 14:08:04 +0100 (Thu, 03 Nov 2005)");
script_tag(name:"cvss_base", value:"5.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:P");
script_cve_id("CVE-1999-0103", "CVE-1999-0639");
script_name("Check for Chargen Service (UDP)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 1999 Mathieu Perrin");
script_family("Useless services");
script_dependencies("gb_chargen_detect_udp.nasl");
script_mandatory_keys("chargen/udp/detected");
script_tag(name:"summary", value:"The remote host is running a 'chargen' service.");
script_tag(name:"vuldetect", value:"Checks whether a chargen service is exposed on the target
host.");
script_tag(name:"insight", value:"When contacted, chargen responds with some random characters
(something like all the characters in the alphabet in a row). When contacted via UDP, it will
respond with a single UDP packet.
The purpose of this service was to mostly to test the TCP/IP protocol by itself, to make sure that
all the packets were arriving at their destination unaltered. It is unused these days, so it is
suggested you disable it, as an attacker may use it to set up an attack against this host, or
against a third party host using this host as a relay.");
script_tag(name:"solution", value:"- Under Unix systems, comment out the 'chargen' line in
/etc/inetd.conf and restart the inetd process
- Under Windows systems, set the following registry keys to 0 :
HKLM\System\CurrentControlSet\Services\SimpTCP\Parameters\EnableTcpChargen
HKLM\System\CurrentControlSet\Services\SimpTCP\Parameters\EnableUdpChargen
Then launch cmd.exe and type :
net stop simptcp
net start simptcp
To restart the service.");
script_tag(name:"impact", value:"An easy attack is 'ping-pong' in which an attacker spoofs a
packet between two machines running chargen. This will cause them to spew characters at each
other, slowing the machines down and saturating the network.");
script_tag(name:"solution_type", value:"Mitigation");
script_tag(name:"qod_type", value:"remote_banner");
exit(0);
}
include("port_service_func.inc");
port = service_get_port( default:19, proto:"chargen", ipproto:"udp" );
if( get_kb_item( "chargen/udp/" + port + "/detected" ) ) {
security_message( port:port, proto:"udp" );
exit( 0 );
}
exit( 99 );
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation