44722 – Security: internal time service in inetd 0.16-7 causes TIME_WAITs in netstat report and can lead to denial of service

Bug 44722 - Security: internal time service in inetd 0.16-7 causes TIME_WAITs in netstat report and can lead to denial of service

Summary: Security: internal time service in inetd 0.16-7 causes TIME_WAITs in netstat ...

Keywords:
Status:	CLOSED DUPLICATE of bug 16729
Alias:	None
Product:	Red Hat Linux
Classification:	Retired
Component:	inetd
Sub Component:
Version:	6.2
Hardware:	i386
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Jeff Johnson
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2001-06-15 18:23 UTC by Bishop Clark
Modified:	2008-05-01 15:38 UTC (History)
CC List:	0 users
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2001-06-15 18:24:29 UTC
Embargoed:

Attachments	(Terms of Use)
rpm and netstat output showing the bug in action on my server. (6.45 KB, text/plain) 2001-06-15 18:24 UTC, Bishop Clark	no flags	Details
View All

Description Bishop Clark 2001-06-15 18:23:04 UTC

From Bugzilla Helper:
User-Agent: Mozilla/4.7 [en] (Win98; U)

Description of problem:
When operating the time service on the new -7 release of inetd, my netstat still shows many lingering connections.  This bug was a hot topic 
for 
inetd.0.16-5 or so, and rumoured ot be fixed with -7.

[root@atlas /root]# rpm -q inetd redhat-release
inetd-0.16-7
redhat-release-6.2-1
[root@atlas /root]# netstat | grep time
tcp        0      5 client-151-198-10-:time ip-132147060.newje:2536 FIN_WAIT1   
tcp        0      0 client-151-198-10-:time ip-132147060.newje:2535 TIME_WAIT   
...... about 50 lines ....
tcp        0      0 client-151-198-10-:time ip-132147060.newje:2458 TIME_WAIT   

How reproducible:
Always

Steps to Reproduce:
1.install RH62
2.activate the time service
3.hit with a time client a few times.
	

Additional info:

this error may or may not occur with http://www.platypus.bc.ca/~bishop/software/inetdfix/inetd-0.16-6.i386.rpm .  It was used successfully to fix 
a problem in the official RHL62 version that resembled this new bug.

Comment 1 Bishop Clark 2001-06-15 18:24:26 UTC

Created attachment 21182 [details]
rpm and netstat output showing the bug in action on my server.

Comment 2 Jeff Johnson 2001-06-15 20:22:44 UTC


*** This bug has been marked as a duplicate of 16729 ***

Note You need to log in before you can comment on or make changes to this bug.