Bug 44832 - nmap -O crashes system if linuxconf-web enabled
nmap -O crashes system if linuxconf-web enabled
Product: Red Hat Linux
Classification: Retired
Component: xinetd (Show other bugs)
i386 Linux
low Severity medium
: ---
: ---
Assigned To: Trond Eivind Glomsrxd
Ben Levenson
: Security
Depends On:
  Show dependency treegraph
Reported: 2001-06-18 03:05 EDT by Henri Schlereth
Modified: 2007-03-26 23:45 EDT (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2001-06-18 03:05:51 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Henri Schlereth 2001-06-18 03:05:47 EDT
Description of Problem:
If you use a common security notify script in hosts.allow/ deny and enable linuxconf it will crash
xinetd after filling syslog and generating numerous emails for only one port connection where it
should have only sent one email.

How Reproducible:
This was tested against the latest version of xinetd as supplied by Red Hat errata. This was tested
against the version of linuxconf as supplied for RH7.1 and against the official linuxoconf release.
Enable linuxconf-web 
Configure network access in linuxconf (this really doesnt matter, you can declare the entire netblock
or a single IP)
restart xinetd.

Have the following scripts installed

# hosts.allow	This file describes the names of the hosts which are
#		allowed to use the local INET services, as decided
#		by the '/usr/sbin/tcpd' server.
ALL : 192.168.1. EXCEPT
(modify for local IP's)


ALL : ALL: spawn (echo Probe from %h to %d at `date` | tee -a /var/log/tcpdeny.log |mail -s IDS_alert! root|beep )

(note this is a commonly available security script, not of my own invention, a google search will show
roughly 78 pages/entries).I  only added the beep program.
eg: redhat-digest Digest V00 #679 22 Jun 2000 17:18:10 -0000 
"Date: Thu, 22 Jun 2000 12:03:36 -0400 (EDT)
From: "Michael J. McGillick" <mike@universe.ne.mediaone.net>
Subject: Re: ftp not working
Add the following line to your /etc/hosts.deny file:
ALL: ALL: spawn (echo "Access denied from %u@%h using %d." | mail root)

This will mail the root account on your machine to let you know if a
particular IP address tried to access one of the services on your machine,
and they weren't listeed in /etc/hosts.allow.  This should help you track
down if the problem is that you simply didn't add the machine you're
trying to ftp in from to hosts.allow, or if the problem is not related to
TCP wrappers, but something else.

- Mike"

Steps to Reproduce:
1. Follow all the steps above 
2. Run nmap -O against the test machine
3. Watch the bad stuff happen

Actual Results:
The system starts sending repeated email alerts even after nmap has finished, load average
jumped to 7, linuxconf terminates, xinetd loops on the error and fills up the syslog. I still
have to get the call trace that happened.

Expected Results:
This security script normally generates 1 email for each connection not 1294 ( number that I got
before I restarted xinetd.

Additional Information:
Normally when I run nmap against this system I get 4(total) messages for telnet,pop3,ftp and imap	

Xinetd is still not playing nice with linuxconf. While I understand that linuxconf is depreciated it still
was release as part of RH7.1
Comment 1 Trond Eivind Glomsrxd 2001-06-18 19:34:28 EDT
System misconfiguration - make sure to limit the rates at which you get mailed.
Comment 2 Henri Schlereth 2001-06-18 22:23:44 EDT
I think this is a mistake to close this bug report. Setting /etc/hosts.deny to
generates about a screenfull of errors. While not as traumatic as the mailer
script, it
still indicates that this is a bug.
Comment 3 jack 2001-06-18 22:57:18 EDT
A single request from an invalid location, a single TCP connection generated
35 messages. For sure it is bogus. The whole point of this bug report is
not about receiving one mail (or whatever) per rejected connection, but
getting an enormous amount, for very few, ultimatly confusing xinetd.

Note You need to log in before you can comment on or make changes to this bug.