Executive Summary
| Summary | |
|---|---|
| Title | New rinetd packages fix denial of service |
| Informations | |||
|---|---|---|---|
| Name | DSA-289 | First vendor Publication | 2003-04-17 |
| Vendor | Debian | Last vendor Modification | 2003-04-17 |
| Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
|---|---|---|---|
| Cvss Base Score | 7.5 | Attack Range | Network |
| Cvss Impact Score | 6.4 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Sam Hocevar discovered a security problem in rinetd, an IP connection redirection server. When the connection list is full, rinetd resizes the list in order to store the new incoming connection. However, this is done improperly, resulting in a denial of service and potentially execution of arbitrary code. For the stable distribution (woody) this problem has been fixed in version 0.61-1.1. For the old stable distribution (potato) this problem has been fixed in version 0.52-2.1. For the unstable distribution (sid) this problem has been fixed in version 0.61-2 We recommend that you upgrade your rinetd package. |
Original Source
| Url : http://www.debian.org/security/2003/dsa-289 |
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Application | 2 |
OpenVAS Exploits
| Date | Description |
|---|---|
| 2008-01-17 | Name : Debian Security Advisory DSA 289-1 (rinetd) File : nvt/deb_289_1.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 12126 | rinetd handleAccept Connection Saturation Overflow A remote overflow exists in rinetd. rinetd fails to resize the connection list in "handleAccept", resulting in a buffer overflow. By establishing more than 64 connections, an attacker can cause a denial of service or potentially execute arbitrary code on the sytem, resulting in a loss of availability or integrity. |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2004-09-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-289.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 11:32:34 |
|
