From owner-freebsd-security  Sat Dec 19 08:10:37 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id IAA21513
          for freebsd-security-outgoing; Sat, 19 Dec 1998 08:10:37 -0800 (PST)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from ppc1.cybertime.ch (ppc1.cybertime.ch [194.191.120.136])
          by hub.freebsd.org (8.8.8/8.8.8) with SMTP id IAA21508
          for <security@FreeBSD.ORG>; Sat, 19 Dec 1998 08:10:35 -0800 (PST)
          (envelope-from pajarola@cybertime.ch)
Received: from gw1usr7.cybertime.ch by ppc1.cybertime.ch (AIX 4.1/UCB 5.64/4.03)
          id AA03354; Sat, 19 Dec 1998 17:10:29 +0100
Message-Id: <3.0.32.19981219170558.0080a8c0@www.dlc.cybertime.ch>
X-Sender: pajarola@www.dlc.cybertime.ch
X-Mailer: Windows Eudora Pro Version 3.0 (32)
Date: Sat, 19 Dec 1998 17:10:36 +0100
To: security@FreeBSD.ORG
From: Rico Pajarola <pajarola@cybertime.ch>
Subject: nmap crashes inetd/portmap on 2.2.6
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

portscanning with nmap results in inetd crashing/hanging on FBSD 2.2.6
which makes an excellent DoS attack. Portmap is also affected, inetd hangs
initializing rpc/udp services when you HUP it, making it somewhat more
complicated to recover, as you'll have to restart all rpc services (in the
correct order). It is not always reproducible (sometimes you need to try
several times with different flags to nmap). I couldn't crash inetd on
FBSD-Current (may 28 1998) so I guess it has been fixed. Are there any
known issues I missed? other os are vulnerable as well (still testing).

Rico Pajarola


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message