SecurityTracker.com
Category:   OS (UNIX)  >   Telnet
Vendors:   Sun
Sun Solaris in.telnetd Unspecified Bug May Let Remote Users Crash the System
SecurityTracker Alert ID:  1006910
SecurityTracker URL:  http://securitytracker.com/id/1006910
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Jun 3 2003
Impact:   Denial of service via local system, Denial of service via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): Solaris 2.6, 7, 8, and 9
Description:   A denial of service vulnerability was reported in the in.telnetd(1M) daemon on Sun Solaris. A remote user may be able to cause the system to become unresponsive.

Sun issued Alert 54181 warning that a local or remote user may be able to cause the in.telnetd(1M) daemon to enter an infinite processing loop, consuming "large amounts" of CPU resources. If multiple telnet processes are affected, the entire system may become unresponsive.

The cause of the flaw was not disclosed.

Impact:   A remote or local user may be able to cause excessive CPU resource consumption, potentially causing the system to become unresponsive.
Solution:   Sun has issued the following fixes:

SPARC Platform

Solaris 2.6 with patch 106049-05 or later
Solaris 7 with patch 107475-05 or later
Solaris 8 with patch 110668-04 or later
Solaris 9 with patch 114729-01 or later

x86 Platform

Solaris 2.6 with patch 106050-05 or later
Solaris 7 with patch 107476-05 or later
Solaris 8 with patch 110669-04 or later
Solaris 9 with patch 114730-01 or later

Vendor URL:  sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F54181
Cause:   Resource error

Message History:   None.
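
The fix list above can be checked against a host's saved `showrev -p` output. The following is an added example, not part of the Sun alert or the SecurityTracker entry. The function names, the status strings, the treatment of the "Obsoletes:" field as evidence of a superseding patch, and the sample lines (including the made-up patch IDs 999001 and 999002) are assumptions of this example.

```python
import re

# Minimum fixed revisions from the advisory's fix list: (release, platform) -> patch.
MIN_PATCH = {
    ("2.6", "sparc"): "106049-05", ("2.6", "x86"): "106050-05",
    ("7", "sparc"): "107475-05",   ("7", "x86"): "107476-05",
    ("8", "sparc"): "110668-04",   ("8", "x86"): "110669-04",
    ("9", "sparc"): "114729-01",   ("9", "x86"): "114730-01",
}
PATCH_LINE = re.compile(r"\s*Patch:\s*(\d{6})-(\d{2})\s+Obsoletes:(.*?)(?:Requires:|$)")
PATCH_ID = re.compile(r"\b(\d{6})-(\d{2})\b")

def installed_patches(showrev_output):
    """Yield (base, rev, obsoleted) for each 'Patch:' line of `showrev -p` output."""
    for line in showrev_output.splitlines():
        m = PATCH_LINE.match(line)
        if m:
            obsoleted = [(b, int(r)) for b, r in PATCH_ID.findall(m.group(3))]
            yield m.group(1), int(m.group(2)), obsoleted

def telnetd_fix_status(release, platform, showrev_output):
    """Return 'fixed', 'outdated' (older revision installed) or 'missing'."""
    base, min_rev = MIN_PATCH[(release, platform)].split("-")
    min_rev = int(min_rev)
    status = "missing"
    for pbase, prev, obsoleted in installed_patches(showrev_output):
        if pbase == base and prev >= min_rev:
            return "fixed"
        if pbase == base:
            status = "outdated"
        # Assumption: a superseding patch lists the one it replaces under "Obsoletes:".
        elif any(b == base and r >= min_rev for b, r in obsoleted):
            return "fixed"
    return status

# Constructed sample input; 999001/999002 are made-up patch IDs.
SAMPLE_OUTDATED = "Patch: 110668-03 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWcsu\n"
SAMPLE_SUPERSEDED = (
    "Patch: 999001-01 Obsoletes: 110668-05, 999002-01 Requires:  Incompatibles:  Packages: SUNWcsu\n"
)

if __name__ == "__main__":
    print(telnetd_fix_status("8", "sparc", SAMPLE_OUTDATED))    # outdated
    print(telnetd_fix_status("8", "sparc", SAMPLE_SUPERSEDED))  # fixed
```

A result of `missing` or `outdated` means the listed patch revision was not found in the supplied output.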


 Source Message Contents

Subject:  A System Wide Denial of Service May be Caused Through The in.telnetd(1M)


http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F54181

Sun issued Alert 54181 warning of a vulnerability in the in.telnetd(1M) daemon on Sun Solaris.

A local or remote user may be able to cause the in.telnetd(1M) daemon to enter an infinite 
processing loop, consuming "large amounts" of CPU resources.  If multiple telnet processes 
are affected, the entire system may become unresponsive.

Solaris 2.6, 7, 8, and 9 are affected.


Sun has issued the following fixes:

SPARC Platform

Solaris 2.6 with patch 106049-05 or later
Solaris 7 with patch 107475-05 or later
Solaris 8 with patch 110668-04 or later
Solaris 9 with patch 114729-01 or later

x86 Platform

Solaris 2.6 with patch 106050-05 or later
Solaris 7 with patch 107476-05 or later
Solaris 8 with patch 110669-04 or later
Solaris 9 with patch 114730-01 or later

Some potential workarounds are described in the Sun Alert.

-----

Sun Alert ID: 54181
Synopsis: A System Wide Denial of Service May be Caused Through The in.telnetd(1M) Daemon
Category: Security
Product: Solaris
BugIDs: 4798177
Avoidance: Patch
State: Resolved
Date Released: 02-Jun-2003
Date Closed: 02-Jun-2003
Date Modified:



 
 



Copyright 2019, SecurityGlobal.net LLC