CVE-2003-0212
CVSS7.5
发布时间 :2003-05-12 00:00:00
修订时间 :2016-10-17 22:30:45
NMCOS    

[原文]handleAccept in rinetd before 0.62 does not properly resize the connection list when it becomes full and sets an array index incorrectly, which allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large number of connections.


[CNNVD]Rinetd连接列表重定义大小远程拒绝服务攻击漏洞(CNNVD-200305-034)

        
        rinetd是一款IP连接重定向服务程序。
        rinetd在当重定义连接列表大小的时候存在问题,远程攻击者可以利用这个漏洞对服务程序进行拒绝服务攻击。
        当连接列表忙的情况下,rinetd就会重定义列表大小,以存储新进入的连接,但是操作不正确,可导致拒绝服务或可能以rinetd服务进程权限在系统上执行任意指令,目前没有详细漏洞细节。
        

- CVSS (基础分值)

CVSS分值: 7.5 [严重(HIGH)]
机密性影响: [--]
完整性影响: [--]
可用性影响: [--]
攻击复杂度: [--]
攻击向量: [--]
身份认证: [--]

- CPE (受影响的平台与产品)

cpe:/a:rinetd:rinetd:0.61
cpe:/a:rinetd:rinetd:0.52

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0212
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2003-0212
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200305-034
(官方数据源) CNNVD

- 其它链接及资源

http://marc.info/?l=bugtraq&m=105059298502830&w=2
(UNKNOWN)  BUGTRAQ  20030417 Vulnerability in rinetd
http://www.debian.org/security/2003/dsa-289
(VENDOR_ADVISORY)  DEBIAN  DSA-289

- 漏洞信息

Rinetd连接列表重定义大小远程拒绝服务攻击漏洞
高危 设计错误
2003-05-12 00:00:00 2005-10-20 00:00:00
远程  
        
        rinetd是一款IP连接重定向服务程序。
        rinetd在当重定义连接列表大小的时候存在问题,远程攻击者可以利用这个漏洞对服务程序进行拒绝服务攻击。
        当连接列表忙的情况下,rinetd就会重定义列表大小,以存储新进入的连接,但是操作不正确,可导致拒绝服务或可能以rinetd服务进程权限在系统上执行任意指令,目前没有详细漏洞细节。
        

- 公告与补丁

        厂商补丁:
        Debian
        ------
        
        http://www.debian.org/security/2003/dsa-289

- 漏洞信息

12126
rinetd handleAccept Connection Saturation Overflow
Remote / Network Access Input Manipulation
Loss of Integrity, Loss of Availability
Exploit Unknown

- 漏洞描述

A remote overflow exists in rinetd. rinetd fails to resize the connection list in "handleAccept", resulting in a buffer overflow. By establishing more than 64 connections, an attacker can cause a denial of service or potentially execute arbitrary code on the sytem, resulting in a loss of availability or integrity.

- 时间线

2003-04-17 Unknow
Unknow Unknow

- 解决方案

Upgrade to version 0.62 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- 相关参考

- 漏洞作者

- 漏洞信息

Rinetd Connection List Resizing Denial of Service Vulnerability
Design Error 7377
Yes No
2003-04-17 12:00:00 2009-07-11 09:06:00
The discovery of this vulnerability has been credited to Sam Hocevar.

- 受影响的程序版本

rinetd rinetd 0.61
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0
rinetd rinetd 0.52
+ Debian Linux 2.2 sparc
+ Debian Linux 2.2 powerpc
+ Debian Linux 2.2 IA-32
+ Debian Linux 2.2 arm
+ Debian Linux 2.2 alpha
+ Debian Linux 2.2 68k
+ Debian Linux 2.2
rinetd rinetd 0.62

- 不受影响的程序版本

rinetd rinetd 0.62

- 漏洞讨论

A vulnerability has been discovered in rinetd 0.61 and earlier. The problem occurs when attempting to resize the connections list, to accommodate more connections. This issue can be exploited by making multiple connections to the rinetd service until a connection list reallocation occurs.

Successful exploitation of this vulnerability may allow an attacker to effectively deny legitimate users from accessing IP redirection services.

- 漏洞利用

No exploit is required as this condition can by triggered by making multiple connections to the rinetd service.

- 解决方案

Fixes available:


rinetd rinetd 0.52

rinetd rinetd 0.61

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站