Multiple Unix in.comsat Message Flood DoS

1997-09-03T00:00:00
ID OSVDB:9030
Type osvdb
Reporter Andrew Hobgood (andrewh@WPI.EDU)
Modified 1997-09-03T00:00:00

Description

Vulnerability Description

The in.comsatd daemon on many flavors of Unix contains a flaw that may allow a local or LAN-connected user to carry out a denial of service. The issue is triggered when a local attacker sends a huge number of username lines very quickly to the open comsat daemon, which crashes the server and results in loss of availability.

Solution Description

Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround(s): Disable the in.comsat daemon.
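
The workaround above, as an added example (not part of the original advisory): a POSIX shell audit that finds an active comsat entry in an inetd-style configuration file and emits a copy with that entry commented out. It assumes the daemon is started from inetd under the service name comsat or biff; the function names and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an inetd-style config for an enabled comsat (biff) service.
# Assumption: the daemon is launched from inetd, one service per line:
#   service socket proto wait user server-path args...

# Print "LINENO: line" for each active comsat entry; return 1 if any are found.
find_comsat() {
    awk '
        /^[ \t]*#/ || NF < 6 { next }            # skip comments and short lines
        $1 == "comsat" || $1 == "biff" || $6 ~ /(^|\/)(in\.)?comsatd?$/ {
            printf "%d: %s\n", NR, $0; found = 1
        }
        END { exit found ? 1 : 0 }
    ' "$1"
}

# Write a copy of the config to stdout with active comsat entries commented out.
disable_comsat() {
    awk '
        !/^[ \t]*#/ && NF >= 6 &&
        ($1 == "comsat" || $1 == "biff" || $6 ~ /(^|\/)(in\.)?comsatd?$/) {
            print "#disabled (comsat flood DoS): " $0; next
        }
        { print }
    ' "$1"
}

# Constructed sample config, not taken from any real host.
sample_conf() {
    cat <<'EOF'
# constructed sample inetd.conf
ftp     stream  tcp  nowait  root  /usr/sbin/in.ftpd    in.ftpd
comsat  dgram   udp  wait    root  /usr/sbin/in.comsat  in.comsat
#biff   dgram   udp  wait    root  /usr/sbin/in.comsat  in.comsat
EOF
}
```

On a host, run `find_comsat` against the inetd configuration file (typically /etc/inetd.conf), review the output of `disable_comsat` before installing it, and have inetd reread its configuration afterwards.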

References:

Other Advisory URL: http://seclists.org/lists/bugtraq/1997/Sep/0015.html
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/1997_3/0398.html
ISS X-Force ID: 1884
CVE-1999-0194