CVE

Id
215  
CVE No.
CVE-1999-0216  
Status
Candidate  
Description
Denial of service of inetd on Linux through SYN and RST packets.  
Phase
Modified (19991203-01)  
Votes
ACCEPT(1) Hill | MODIFY(2) Baker, Frech | RECAST(1) Meunier  
Comments
Meunier> The location of the vulnerability, whether in the Linux kernel or the | application, is debatable. Any program making the same (reasonnable) | assumption is vulnerable, i.e., implements the same vulnerability: | "Assumption that TCP-three-way handshake is complete after calling Linux | kernel function accept(), which returns socket after getting SYN. Result | is process death by SIGPIPE" | Moreover, whether it results in DOS (to third parties) depends on the | process that made the assumption. | I think that the present entry should be split, one entry for every | application that implements the vulnerability (really describing threat | instances, which is what other people think about when we talk about | vulnerabilities), and one entry for the Linux kernel that allows the | vulnerability to happen. | Frech> XF:hp-inetd | XF:linux-inetd-dos | Baker> Since we have an hpux bulletin, the description should not specifically say Linux, should it? It applies to mulitple OS and should be likely either modified, or in extreme case, recast  

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
508 215 CVE-1999-0216 BUGTRAQ:19971130 Linux inetd..  View
509 215 CVE-1999-0216 XF:linux-inetd-dos  View
510 215 CVE-1999-0216 HP:HPSBUX9803-077  View

Related JVN