
List:       nessus
Subject:    Re: redhat 6.2 inetd testing method
From:       Renaud Deraison <deraison () nessus ! org>
Date:       2003-01-27 9:37:23

On Mon, Jan 27, 2003 at 03:10:56PM +0800, Tan Herng Hsi wrote:
> Hiya,
> 
> Looking at the Redhat 6.2 inetd testing methods under the pref tab of nessus 
> GUI client and the rh_inetd.nasl plugin, I assume that quick and dirty method 
> simply looks at the banner of the target for redhat 6.2 and reports inetd 
> vulnerability (correct me if I'm wrong). What about real check method?...what 
> does it do?

It performs the real check. The flaw is a file descriptor leak - i.e.:
when you connect to an inetd service and disconnect, the remote inetd does
not close the file descriptor. So the more you connect, the more file
descriptors are open on the remote side. After ~ 1500 connections, the
remote inetd server can't reply to you at all.

So this is what the plugin does - it connects repeatedly on various
inetd ports, until they don't respond any more. However, it's very very
slow, because if it connects too fast, then the remote inetd will
temporarily close the port (this is not a bug, but a feature in inetd).


				-- Renaud
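
A host-side way to spot the descriptor leak described in the message above, as an added example that is not part of the original post or of the Nessus plugin: it samples a daemon's open-descriptor count from Linux `/proc` and flags a count that only ever grows. The function names, the sample series and the `min_growth` threshold are assumptions made for illustration.

```python
#!/usr/bin/env python3
"""Host-side check for a descriptor leak in a running daemon (Linux /proc)."""
import os
import sys
import time

# Constructed sample series of open-descriptor counts, oldest first.
HEALTHY = [12, 15, 13, 12, 14, 12]      # rises under load, returns to baseline
LEAKING = [12, 40, 95, 160, 230, 310]   # each finished connection leaves an fd behind


def count_fds(pid):
    """Return how many descriptors the process holds right now."""
    return len(os.listdir(f"/proc/{pid}/fd"))


def leak_suspected(samples, min_growth=50):
    """True when the count never drops between samples and rises by min_growth.

    min_growth is an assumed threshold; tune it to the daemon's normal load.
    """
    if len(samples) < 3:
        return False
    never_drops = all(later >= earlier
                      for earlier, later in zip(samples, samples[1:]))
    return never_drops and samples[-1] - samples[0] >= min_growth


def samples_until(samples, ceiling):
    """Estimate how many more sampling intervals remain before `ceiling`
    descriptors are open, using the average growth per interval."""
    rate = (samples[-1] - samples[0]) / (len(samples) - 1)
    if rate <= 0:
        return None                      # not growing, no exhaustion expected
    return max(0, int((ceiling - samples[-1]) / rate))


if __name__ == "__main__":
    pid = int(sys.argv[1])               # PID of the daemon to watch
    interval = 60                        # seconds between samples (assumed)
    seen = []
    for _ in range(6):
        seen.append(count_fds(pid))
        time.sleep(interval)
    print(seen, "leak suspected" if leak_suspected(seen) else "looks stable")
```
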