Bug 42081 (CVE-2003-0211)

Summary: VUL-0: CVE-2003-0211: xinetd DOS attack
Product: [Novell Products] SUSE Security Incidents Reporter: Marcus Meissner <meissner>
Component: IncidentsAssignee: Petr Ostadal <postadal>
Status: RESOLVED FIXED QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P3 - Medium CC: security-team
Version: unspecified   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard: CVE-2003-0211: CVSS v2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Marcus Meissner 2003-05-23 16:45:35 UTC 
There is a denial of service attack against xinetd, described here: 
 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0211 
 
Memory leak in xinetd 2.3.10 allows remote attackers to cause a denial of service 
(memory consumption) via a large number of rejected connections. 
 
THere is a fix in 2.3.11 for this problem.
Comment 1 Marcus Meissner 2003-05-23 16:45:35 UTC 
<!-- SBZ_reproduce  -->
see above. no clue how to easily test this
Comment 2 Jan Derfinak 2003-05-23 16:54:18 UTC 
Assigned to maintainer.
Comment 3 Petr Ostadal 2003-05-24 01:06:27 UTC 
I work on it.
Comment 4 Petr Ostadal 2003-06-02 19:33:16 UTC 
I updated xinetd in all distros to new the newest version (a lot of security
bugs cause problem to fixed it in old distros) and I used new sec. fixes from
CVS too.
All fixes I submited to /work/src/done with p&p.
Comment 5 Thomas Biege 2009-10-13 19:45:55 UTC 
CVE-2003-0211: CVSS v2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)