A Security Vulnerability in the Solaris 10 inetd(1M) Service May Lead to a Denial of Service (DoS) Condition

A security vulnerability in the inetd(1M) service may allow a local unprivileged user to shut down the inetd daemon process, causing a Denial of Service (DoS) to all internet services managed by the inetd(1M) process on the system.

Document Audience: PUBLIC
Document ID: 102921
Title: A Security Vulnerability in the Solaris 10 inetd(1M) Service May Lead to a Denial of Service (DoS) Condition
Copyright Notice: Copyright © 2007 Sun Microsystems, Inc. All Rights Reserved
Update Date: Tue May 29 00:00:00 MDT 2007

--------------------------------------------------------------------------------
Status: Issued

Description

Sun(sm) Alert Notification
Sun Alert ID: 102921
Synopsis: A Security Vulnerability in the Solaris 10 inetd(1M) Service May Lead to a Denial of Service (DoS) Condition
Category: Security
Product: Solaris 10 Operating System
BugIDs: 6553649
Avoidance: Patch
State: Resolved
Date Released: 29-May-2007
Date Closed: 29-May-2007
Date Modified:

1. Impact
A security vulnerability in the inetd(1M) service may allow a local unprivileged user to shut down the inetd daemon process, causing a Denial of Service (DoS) to all internet services managed by the inetd(1M) process on the system.

2. Contributing Factors
This issue can occur in the following releases:

SPARC Platform:

Solaris 10 without patch 121288-03

x86 Platform:

Solaris 10 without patch 121289-04

NOTE: Solaris 8 and 9 are not affected by this issue.

This issue affects all Solaris 10 systems with the inetd service enabled (svc:/network/inetd:default). To determine if the inetd service is enabled on a system, the following command can be run:

    $ svcs inetd
    STATE   STIME      FMRI
    online  11:23:16   svc:/network/inetd:default

If the command returns the state of the inetd service as 'online' (as in the above example) then the inetd service is enabled on the system.

3. Symptoms
Repeated attempts by unprivileged users to stop the inetd server may transition the inetd service to the "maintenance" state, thereby moving all internet services managed by inetd(1M) to the "offline" state.

To determine the state of the inetd service, the following command can be run:

    $ svcs inetd
    STATE          STIME      FMRI
    maintenance    12:00:23   svc:/network/inetd:default


Solution Summary

4. Relief/Workaround
To prevent this issue from occurring until the patches listed in section 5 can be applied, the Unix domain socket file "/var/run/.inetd.uds" may be deleted after the inetd server starts. If this file has been deleted, the following commands must be run (as 'root' user) to restart or disable the inetd service:

To restart the inetd service:

    # pkill inetd

To disable the inetd service:

    # svcadm disable inetd
    # pkill inetd


5. Resolution
This issue is addressed in the following releases:

SPARC Platform:

Solaris 10 with patch 121288-03 or later

x86 Platform:

Solaris 10 with patch 121289-04 or later
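
The checks from sections 2, 3 and 5 can be combined into one triage script. The following is an added example, not part of the original Sun Alert: the function names and verdict strings are hypothetical, the sample input is constructed, and it assumes the platform string comes from `uname -p` and the patch list from `showrev -p`.

```shell
#!/bin/sh
# Added example: triage a Solaris 10 host for Sun Alert 102921.
# Function names and verdict strings are hypothetical.

# Fixed patch revision per platform, as listed in the alert.
required_patch() {
    case "$1" in
        sparc) echo "121288-03" ;;
        i386)  echo "121289-04" ;;
        *)     return 1 ;;
    esac
}

# Read `showrev -p` output on stdin; succeed if the patch named in $1
# is installed at that revision or later (awk avoids octal "08" pitfalls).
has_patch() {
    awk -v need="$1" '
        BEGIN { split(need, n, "-"); found = 0 }
        $1 == "Patch:" {
            split($2, p, "-")
            if (p[1] == n[1] && p[2] + 0 >= n[2] + 0) found = 1
        }
        END { exit !found }'
}

# Read `svcs inetd` output on stdin; print the STATE column for inetd.
inetd_state() {
    awk '$3 == "svc:/network/inetd:default" { print $1 }'
}

# assess ARCH SHOWREV_TEXT SVCS_TEXT -> prints a one-word verdict
assess() {
    need=$(required_patch "$1") || { echo "unknown-arch"; return 0; }
    if printf '%s\n' "$2" | has_patch "$need"; then
        echo "patched"; return 0
    fi
    case "$(printf '%s\n' "$3" | inetd_state)" in
        online)      echo "exposed" ;;
        maintenance) echo "unpatched-maintenance" ;;
        *)           echo "unpatched-inetd-not-online" ;;
    esac
}

# Constructed sample data; on a real host use uname -p, showrev -p, svcs inetd.
SAMPLE_SHOWREV='Patch: 121288-02 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWcsu'
SAMPLE_SVCS='STATE          STIME    FMRI
online         11:23:16 svc:/network/inetd:default'
assess sparc "$SAMPLE_SHOWREV" "$SAMPLE_SVCS"
```

On a live system the call would be `assess "$(uname -p)" "$(showrev -p)" "$(svcs inetd)"`.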


This Sun Alert notification is being provided to you on an "AS IS" basis. This Sun Alert notification may contain information provided by third parties. The issues described in this Sun Alert notification may or may not impact your system(s). Sun makes no representations, warranties, or guarantees as to the information contained herein. ANY AND ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT, ARE HEREBY DISCLAIMED. BY ACCESSING THIS DOCUMENT YOU ACKNOWLEDGE THAT SUN SHALL IN NO EVENT BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES THAT ARISE OUT OF YOUR USE OR FAILURE TO USE THE INFORMATION CONTAINED HEREIN. This Sun Alert notification contains Sun proprietary and confidential information. It is being provided to you pursuant to the provisions of your agreement to purchase services from Sun, or, if you do not have such an agreement, the Sun.com Terms of Use. This Sun Alert notification may only be used for the purposes contemplated by these agreements.


Copyright 2000-2006 Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, CA 95054 U.S.A. All rights reserved.
