发布时间 :1998-03-18 00:00:00
修订时间 :2016-10-17 22:01:00

[原文]inetd in AIX 4.1.5 dynamically assigns a port N when starting ttdbserver (ToolTalk server), but also inadvertently listens on port N-1 without passing control to ttdbserver, which allows remote attackers to cause a denial of service via a large number of connections to port N-1, which are not properly closed by inetd.

[CNNVD]AIX Internet超级服务器 (CNNVD-199803-011)

        AIX 4.1.5版本的Internet超级服务器在打开ttdbserver (ToolTalk服务)时动态分配一个N端口,但也会在没有ttdbserve通过控制下错误分配N-1端口,远程攻击者可以通过过多对N-1端口的连接导致服务拒绝,最终不正确关闭。

- CVSS (基础分值)

CVSS分值: 5 [中等(MEDIUM)]
机密性影响: [--]
完整性影响: [--]
可用性影响: [--]
攻击复杂度: [--]
攻击向量: [--]
身份认证: [--]

- CPE (受影响的平台与产品)


- OVAL (用于检测的技术细节)


- 官方数据库链接
(官方数据源) MITRE
(官方数据源) NVD
(官方数据源) CNNVD

- 其它链接及资源
(UNKNOWN)  BUGTRAQ  19980318 AIX 4.1.5 DoS attack (aka "Port 1025 problem")

- 漏洞信息

AIX Internet超级服务器
中危 未知
1998-03-18 00:00:00 2005-10-20 00:00:00
        AIX 4.1.5版本的Internet超级服务器在打开ttdbserver (ToolTalk服务)时动态分配一个N端口,但也会在没有ttdbserve通过控制下错误分配N-1端口,远程攻击者可以通过过多对N-1端口的连接导致服务拒绝,最终不正确关闭。

- 公告与补丁


- 漏洞信息

CDE ToolTalk ttdbserver Port Spawn DoS
Remote / Network Access Denial of Service
Loss of Availability
Exploit Public

- 漏洞描述

AIX's ToolTalk ttdbserver contains a flaw that may allow a remote denial of service. The issue is due to the way ports are allocated for the server. A port below 1025 is dynamically allocated, and the ttdbvserver listens on that port; however, due to a bug in inetd, the port directly below (for example, 1023 if the server listens on 1024) is opened as well, with no attached server. By opening a large number of connections to the port on which no server is listening and sending small amounts of data, massive amounts of memory will be allocated, up to all available memory on the system. This may result in loss of availability for the platform.

- 时间线

1998-03-18 Unknow
1998-03-18 Unknow

- 解决方案

Currently, there are no known workarounds or upgrades to correct this issue. However, IBM has released a patch -- APAR IX70400 -- to address this vulnerability.

- 相关参考

- 漏洞作者