Bug 42081 (CVE-2003-0211) - VUL-0: CVE-2003-0211: xinetd DOS attack
Summary: VUL-0: CVE-2003-0211: xinetd DOS attack
Status: RESOLVED FIXED
Alias: CVE-2003-0211
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: All Linux
: P3 - Medium : Normal
Target Milestone: ---
Assignee: Petr Ostadal
QA Contact: Security Team bot
URL:
Whiteboard: CVE-2003-0211: CVSS v2 Base Score: 5....
Keywords:
Depends on:
Blocks:
 
Reported: 2003-05-23 16:45 UTC by Marcus Meissner
Modified: 2021-09-27 09:51 UTC (History)
1 user (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Marcus Meissner 2003-05-23 16:45:35 UTC 
There is a denial of service attack against xinetd, described here: 
 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0211 
 
Memory leak in xinetd 2.3.10 allows remote attackers to cause a denial of service 
(memory consumption) via a large number of rejected connections. 
 
THere is a fix in 2.3.11 for this problem.
Comment 1 Marcus Meissner 2003-05-23 16:45:35 UTC 
<!-- SBZ_reproduce  -->
see above. no clue how to easily test this
Comment 2 Jan Derfinak 2003-05-23 16:54:18 UTC 
Assigned to maintainer.
Comment 3 Petr Ostadal 2003-05-24 01:06:27 UTC 
I work on it.
Comment 4 Petr Ostadal 2003-06-02 19:33:16 UTC 
I updated xinetd in all distros to new the newest version (a lot of security
bugs cause problem to fixed it in old distros) and I used new sec. fixes from
CVS too.
All fixes I submited to /work/src/done with p&p.
Comment 5 Thomas Biege 2009-10-13 19:45:55 UTC 
CVE-2003-0211: CVSS v2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)