• CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Denial of service of inetd on Linux through SYN and RST packets.
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
  • BUGTRAQ:19971130 Linux inetd..
  • HP:HPSBUX9803-077
  • XF:hp-inetd
  • XF:linux-inetd-dos
Assigning CNA
MITRE Corporation
Date Record Created
19990607 Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Modified (19991203)
Votes (Legacy)
ACCEPT(1) Hill
MODIFY(2) Baker, Frech
RECAST(1) Meunier
Comments (Legacy)
 Meunier> The location of the vulnerability, whether in the Linux kernel or the
   application, is debatable.  Any program making the same (reasonnable)
   assumption is vulnerable, i.e., implements the same vulnerability:
   "Assumption that TCP-three-way handshake is complete after calling Linux
   kernel function accept(), which returns socket after getting SYN.   Result
   is process death by SIGPIPE"
   Moreover, whether it results in DOS (to third parties) depends on the
   process that made the assumption.
   I think that the present entry should be split, one entry for every
   application that implements the vulnerability (really describing threat
   instances, which is what other people think about when we talk about
   vulnerabilities), and one entry for the Linux kernel that allows the
   vulnerability to happen.
 Frech> XF:hp-inetd
 Baker> Since we have an hpux bulletin, the description should not specifically say Linux, should it?  It applies to mulitple OS and should be likely either modified, or in extreme case, recast

Proposed (Legacy)
This is a record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.