|
| TC: | 12011 | |
| Description: | TCPMUX is the TCP Port Service MULtiplexer. It listens on port 1/tcp. Some BSDI systems have it enabled. Unfortunately, attempts to connect to this port may crash inetd, disabling all inetd-managed services. | |
| TC Impact: | Denial of Service | |
| Service: | tcpmux |
| Vulnerability Publication: | April 07, 1998 | |
| Advisory Copyright: | Mark Schaefer | |
| Summary: | An attacker can crash the inetd master server that listens to many 'ports', using a very simple attack that consists of a connection attempt to an unusual port. | |
| Risk: | High | |
| CVSS 2.0 metrics: | N.A. | |
| CVSS 2.0 Base Score: | 8.0 (Approximated) |
| Vulnerability Impact: |
Crash |
|---|
| Host Impact: | An attacker can disable a full range of services | |
| Nature of Remediation: | Disable service |
| Step required to fix the reported vulnerability: | |
***** Solution type: Undefined ***** Disable TCPMUX in /etc/inetd.conf. Obtain patch from BSDI. On BSDI 3.1, get patch # M310-009 |
| References: | ||
| http://www.securityfocus.com/archive/1/8940 http://www.BSDI.COM/services/support/patches/patches-3.1/M310-009 http://www.securityfocus.com/bid/66 |
| CVE Link: |
GENERIC-MAP-NOMATCH |
 |
|---|
| Glossary: |
TCPMUX |
|---|