Vulnerability

inetd

Affected

Data General (DG/UX 5.4R3.10)

Description

The following is based on a BlackHats Security Advisory.

The inetd daemon (see also: "man 8 inetd") in any UNIX-like operating system listens for incoming connections on the ports specified in the /etc/inetd.conf file (also described in the manual page) and starts the service connected to that port as specified in the same file. The purpose of having one such super daemon is to save memory and to make it easier to start other daemons as well. The overhead of the necessary fork/exec is justified for a normally loaded system. Processes started by the inetd daemon include, but are not limited to, "ftp", "telnet" and "finger".

When the nmap scanner, developed by Fyodor, is used to try to determine what operating system the remote target is actually running (using a technique named "stack fingerprinting"), the inetd daemon enters a state in which it is thereafter no longer capable of spawning new services. The only current solution is a restart of the inetd daemon by the operator of the Data General system.

Affected are Data General systems running DG/UX R4.20MU04/05 and R4.11MU06 (M88k), and perhaps other versions of this operating system as well (this could not be verified because they were unavailable).

The following is the minimal command used to actually deny all services started by inetd (which listens to the ftp port (21)):

    nmap -O -p 21 <target>

To be on the safe side (and this is the actual command issued which led to this advisory) you can also use the following stealthy scan of the reserved ports of the Data General DG/UX system:

    nmap -v -O -sS -p1-1023 <target>

Solution

The only exception that could be verified was the DG/UX B2 system (R4.20MU04), which did not seem to be affected by this scan. Black Hats notified Data General of this problem in the second week of February, and finally received patch tcpip_R4.20MU04.p11.
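Because the only remedy before patching is an operator restart of inetd, a monitoring check that notices when every inetd-started service stops answering at once is useful. The following is an added example, not part of the original advisory: it reads the enabled TCP services from inetd.conf text and probes each one. Assumptions: the sample configuration is constructed, the function names are hypothetical, and since the advisory does not say whether a wedged inetd refuses connections or accepts them without starting the server, the probe reports both cases.

```python
import socket

# Constructed sample in the classic inetd.conf layout (not from a DG/UX host):
# service  socktype  proto  wait-flag  user  server  args
SAMPLE_CONF = """\
ftp     stream  tcp  nowait  root    /usr/sbin/ftpd     ftpd
telnet  stream  tcp  nowait  root    /usr/sbin/telnetd  telnetd
finger  stream  tcp  nowait  nobody  /usr/sbin/fingerd  fingerd
#shell  stream  tcp  nowait  root    /usr/sbin/rshd     rshd
tftp    dgram   udp  wait    root    /usr/sbin/tftpd    tftpd
"""

# Assumption: these services send data first, so a healthy one is never silent.
BANNER_FIRST = {"ftp", "telnet"}

def tcp_services(conf_text):
    """Return the names of enabled stream/tcp services, in file order."""
    names = []
    for line in conf_text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, then tokenize
        if len(fields) >= 6 and fields[1] == "stream" and fields[2].startswith("tcp"):
            names.append(fields[0])
    return names

def probe(host, port, expect_banner, timeout=3.0):
    """Classify one service as 'ok', 'silent', 'refused' or 'unreachable'."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            if not expect_banner:
                return "ok"  # the listener accepted; nothing more can be observed
            try:
                return "ok" if s.recv(64) else "silent"
            except (socket.timeout, ConnectionError):
                return "silent"  # accepted, but no server was started behind it
    except ConnectionRefusedError:
        return "refused"
    except OSError:
        return "unreachable"

def check_host(host, conf_text, ports, timeout=3.0):
    """Probe every enabled TCP service that has an entry in the ports map."""
    return {name: probe(host, ports[name], name in BANNER_FIRST, timeout)
            for name in tcp_services(conf_text) if name in ports}

def inetd_looks_hung(results):
    """All services failing together points at inetd rather than one daemon."""
    return bool(results) and all(state != "ok" for state in results.values())
```

Run `check_host` from a monitoring host with a map such as `{"ftp": 21, "telnet": 23}` and alert the operator when `inetd_looks_hung` returns true.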