[原文]inetd in AIX 4.1.5 dynamically assigns a port N when starting ttdbserver (ToolTalk server), but also inadvertently listens on port N-1 without passing control to ttdbserver, which allows remote attackers to cause a denial of service via a large number of connections to port N-1, which are not properly closed by inetd.
AIX's ToolTalk ttdbserver contains a flaw that may allow a remote denial of service. The issue is due to the way ports are allocated for the server. A port below 1025 is dynamically allocated, and the ttdbvserver listens on that port; however, due to a bug in inetd, the port directly below (for example, 1023 if the server listens on 1024) is opened as well, with no attached server. By opening a large number of connections to the port on which no server is listening and sending small amounts of data, massive amounts of memory will be allocated, up to all available memory on the system. This may result in loss of availability for the platform.
Currently, there are no known workarounds or upgrades to correct this issue. However, IBM has released a patch -- APAR IX70400 -- to address this vulnerability.