Bug 1213295 (CVE-1999-0636)

Summary: VUL-0: CVE-1999-0636: xinetd: The discard service is running.
Product: [Novell Products] SUSE Security Incidents Reporter: Marcus Meissner <meissner>
Component: IncidentsAssignee: package coldpool <coldpool>
Status: RESOLVED WONTFIX QA Contact: Security Team bot <security-team>
Severity: Critical    
Priority: P3 - Medium CC: security-team
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
URL: https://smash.suse.de/issue/6678/
Whiteboard:
Found By: Security Response Team Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Marcus Meissner 2023-07-13 15:03:36 UTC 
CVE-1999-0636

The discard service is running.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-1999-0636
https://www.cve.org/CVERecord?id=CVE-1999-0636
Comment 1 Marcus Meissner 2023-07-13 15:05:27 UTC 
Note that discard is a service which would be served by either inetd or xinetd.

In our xinetd configurations the service is default disabled.


There is not much more information about this CVE, and how it would be exploitable.

The only current way I see is that it can be used to check for system presence,  but this would usually also be possible via SYN scans, ICMP pings or similar methods.
Comment 2 Marcus Meissner 2023-07-13 15:33:02 UTC 
close to the original location here the CVE discussion:


https://cve.mitre.org/data/board/archives/1999-08/msg00007.html
Comment 3 Marcus Meissner 2023-07-13 15:34:34 UTC 
discussion on whether to assign CVEs:

https://cve.mitre.org/data/board/archives/1999-08/msg00004.html
Comment 4 Marcus Meissner 2023-07-13 15:52:30 UTC 
closing this CVE archeology topic.