|
|
| CVE-ID | ||
|---|---|---|
CVE-1999-0216 |
• CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
|
|
| Description | ||
| Denial of service of inetd on Linux through SYN and RST packets. | ||
| References | ||
| Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete. | ||
|
||
| Assigning CNA | ||
| MITRE Corporation | ||
| Date Record Created | ||
| 19990607 | Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE. | |
| Phase (Legacy) | ||
| Modified (19991203) | ||
| Votes (Legacy) | ||
| ACCEPT(1) Hill MODIFY(2) Baker, Frech RECAST(1) Meunier |
||
| Comments (Legacy) | ||
Meunier> The location of the vulnerability, whether in the Linux kernel or the application, is debatable. Any program making the same (reasonnable) assumption is vulnerable, i.e., implements the same vulnerability: "Assumption that TCP-three-way handshake is complete after calling Linux kernel function accept(), which returns socket after getting SYN. Result is process death by SIGPIPE" Moreover, whether it results in DOS (to third parties) depends on the process that made the assumption. I think that the present entry should be split, one entry for every application that implements the vulnerability (really describing threat instances, which is what other people think about when we talk about vulnerabilities), and one entry for the Linux kernel that allows the vulnerability to happen. Frech> XF:hp-inetd XF:linux-inetd-dos Baker> Since we have an hpux bulletin, the description should not specifically say Linux, should it? It applies to mulitple OS and should be likely either modified, or in extreme case, recast |
||
| Proposed (Legacy) | ||
| 19990630 | ||
| This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities. | ||
|
You can also search by reference using the CVE Reference Maps.
|
||
| For More Information: CVE Request Web Form (select "Other" from dropdown) | ||