CDE ToolTalk ttdbserver Port Spawn DoS

1998-03-18T14:44:44
ID OSVDB:11761
Type osvdb
Reporter Klause Kusche(Klaus.Kusche@ooe.gv.at)
Modified 1998-03-18T14:44:44

Description

Vulnerability Description

AIX's ToolTalk ttdbserver contains a flaw that may allow a remote denial of service. The issue is due to the way ports are allocated for the server. A port below 1025 is dynamically allocated, and the ttdbvserver listens on that port; however, due to a bug in inetd, the port directly below (for example, 1023 if the server listens on 1024) is opened as well, with no attached server. By opening a large number of connections to the port on which no server is listening and sending small amounts of data, massive amounts of memory will be allocated, up to all available memory on the system. This may result in loss of availability for the platform.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, IBM has released a patch -- APAR IX70400 -- to address this vulnerability.

Short Description

AIX's ToolTalk ttdbserver contains a flaw that may allow a remote denial of service. The issue is due to the way ports are allocated for the server. A port below 1025 is dynamically allocated, and the ttdbvserver listens on that port; however, due to a bug in inetd, the port directly below (for example, 1023 if the server listens on 1024) is opened as well, with no attached server. By opening a large number of connections to the port on which no server is listening and sending small amounts of data, massive amounts of memory will be allocated, up to all available memory on the system. This may result in loss of availability for the platform.

References:

Mail List Post: http://marc.theaimsgroup.com/?l=bugtraq&m=89025820612530&w=2 ISS X-Force ID: 813 CVE-1999-1075