Note: This is an archival copy of Security Sun Alert 200307 as previously published on http://sunsolve.sun.com.
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000232.1.
Article ID : 1000232.1
Article Type : Sun Alerts (SURE)
Last reviewed : 2005-01-17
Audience : PUBLIC
Copyright Notice: Copyright © 2010, Oracle Corporation and/or its affiliates.

A Local or Remote Unprivileged User May be Able to Cause a Denial of Service (DoS) of an FTP Server
Category
Security

Release Phase
Resolved

Product
Solaris 7 Operating System
Solaris 8 Operating System

Bug Id
5108531

Date of Resolved Release
07-FEB-2005

Impact

A local or remote unprivileged user may be able to cause a Denial of Service (DoS) of an FTP server by using up all of the available ports on the system, so that no new connections can be accepted.

This issue is described in CVE-1999-0079 which is available at http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0079.


Contributing Factors

This issue can occur in the following releases:

SPARC Platform

  • Solaris 7 without patch 110646-06
  • Solaris 8 without patch 111606-05

x86 Platform

  • Solaris 7 without patch 110647-06
  • Solaris 8 without patch 111607-05

Note: Solaris 9 is not affected by this issue.
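The patch lists above are what an administrator has to check against showrev(1M) on each host. The following script is an added example (not part of the Sun Alert) that decides, from "showrev -p" output, whether a Solaris 7 or 8 host is at or above the patch revision this Alert names. It assumes the usual "showrev -p" line layout ("Patch: <id>-<rev> Obsoletes: ... Requires: ... Incompatibles: ... Packages: ..."), that revisions compare numerically (-10 is newer than -06), and that the platform and release are given as uname(1) reports them ("sparc"/"i386" and "5.7"/"5.8"). The showrev lines at the bottom are constructed sample data, not captured from a real host.

```shell
#!/bin/sh
# Added example, not Sun's code: is the fix from this Sun Alert installed?
# Assumption: "showrev -p" prints one line per installed patch starting
# "Patch: <id>-<rev>", and a later revision of the same id supersedes earlier ones.

# Print the highest installed revision of patch id $1 from showrev -p output
# on stdin, or nothing if that patch is not installed at all.
installed_patch_rev() {
    awk -v id="$1" -v best=0 '
        $1 == "Patch:" {
            split($2, p, "-")                       # "111606-05" -> p[1]="111606", p[2]="05"
            if (p[1] == id && (p[2] + 0) > best) best = p[2] + 0
        }
        END { if (best > 0) print best }
    '
}

# Patch id and minimum revision required by this Alert, per platform/release.
# $1 = sparc | i386 (uname -p), $2 = 5.7 | 5.8 (uname -r). Values are from
# the Contributing Factors / Resolution sections above.
required_patch() {
    case "$1-$2" in
        sparc-5.7) echo 110646 6 ;;
        sparc-5.8) echo 111606 5 ;;
        i386-5.7)  echo 110647 6 ;;
        i386-5.8)  echo 111607 5 ;;
        *) return 1 ;;
    esac
}

# Exit 0 if the host is fixed (or is Solaris 9, which the Alert says is not
# affected), 1 if it is affected, 2 if the release is not one the Alert lists.
# Reads showrev -p output on stdin.
ftpd_dos_status() {
    case "$2" in 5.9) return 0 ;; esac
    req=`required_patch "$1" "$2"` || return 2
    id=${req% *}
    min=${req#* }
    rev=`installed_patch_rev "$id"`
    [ -n "$rev" ] && [ "$rev" -ge "$min" ]
}

# Constructed sample showrev -p output (not from a real system).
SHOWREV_OLD='Patch: 111606-03 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWftpu
Patch: 111606-04 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWftpu'
SHOWREV_FIXED="$SHOWREV_OLD
Patch: 111606-05 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWftpu"

# Stand-alone run against the two samples as a SPARC Solaris 8 host.
for s in "$SHOWREV_OLD" "$SHOWREV_FIXED"; do
    if printf '%s\n' "$s" | ftpd_dos_status sparc 5.8; then
        echo "fixed"
    else
        echo "affected (patch 111606-05 or later missing)"
    fi
done
```

On a live host the same check is `showrev -p | ftpd_dos_status "$(uname -p)" "$(uname -r)"`; it deliberately takes the highest installed revision of the patch, since older revisions stay listed after a newer one is applied.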


Symptoms

A number of unused ports on the system will be held in the "listen" state by in.ftpd(1M). To display this condition:

1) Determine the process id (pid) of each in.ftpd(1M) process on the system using pgrep(1). For example:

    $ /usr/bin/pgrep in.ftpd

2) Run pfiles(1) as the root user against each pid displayed and check for a large number of ports in the "listen" state. The following command, run as root, executes pfiles(1) against all of the in.ftpd(1M) processes on the system at once:

    # /usr/proc/bin/pfiles `/usr/bin/pgrep in.ftpd`
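Reading pfiles output for every in.ftpd process by eye does not scale on a busy server. The script below is an added example (not part of the Sun Alert) that summarises that output per process: it counts sockets that are bound to a local port but have no peer, which is how the idle listening ports in the symptom above show up. It assumes the Solaris 8 pfiles layout, namely a "pid:\tcommand" header line per process and, for each socket descriptor, a "sockname:" line plus a "peername:" line only once the socket is connected. The pfiles text at the bottom is constructed sample data, not captured from a real host; the pgrep/pfiles wrapper at the end only works on the Solaris host itself, as root.

```shell
#!/bin/sh
# Added example, not Sun's code: count bound-but-unconnected sockets per
# in.ftpd process in pfiles(1) output so the DoS symptom can be spotted quickly.
# Assumption: pfiles prints "<pid>:<tab><command>" per process, "sockname:" for
# every bound socket fd, and "peername:" only for a connected one.

# Read pfiles output on stdin; print "<pid> <unconnected-socket-count>" per process.
count_unconnected_sockets() {
    awk '
        /^[0-9][0-9]*:/ {                 # process header, e.g. "1234:   /usr/sbin/in.ftpd"
            if (pid != "") print pid, n
            pid = $1; sub(":", "", pid); n = 0
            next
        }
        /sockname:/ { n++ }               # socket bound to a local address/port
        /peername:/ { n-- }               # ...and connected, so not an idle port
        END { if (pid != "") print pid, n }
    '
}

# Keep only processes holding at least $1 unconnected sockets.
flag_suspect_processes() {
    awk -v limit="$1" '$2 >= limit { print $1, $2 }'
}

# Live check on a Solaris 7/8 host. Must run as root: pfiles needs privilege
# to inspect processes it does not own. Threshold defaults to 50 idle sockets.
check_live_ftpd() {
    pids=`/usr/bin/pgrep in.ftpd` || { echo "no in.ftpd process found" >&2; return 1; }
    /usr/proc/bin/pfiles $pids | count_unconnected_sockets | flag_suspect_processes "${1:-50}"
}

# Constructed sample pfiles output (not from a real system): pid 1234 holds
# its control connection plus two bound, unconnected sockets; pid 5678 holds
# only its control connection.
SAMPLE='1234:   /usr/sbin/in.ftpd
  Current rlimit: 256 file descriptors
   3: S_IFSOCK mode:0666 dev:172,0 ino:5001 uid:0 gid:0 size:0
      O_RDWR
        sockname: AF_INET 192.0.2.10  port: 21
        peername: AF_INET 192.0.2.20  port: 33456
   4: S_IFSOCK mode:0666 dev:172,0 ino:5002 uid:0 gid:0 size:0
      O_RDWR
        sockname: AF_INET 192.0.2.10  port: 32771
   5: S_IFSOCK mode:0666 dev:172,0 ino:5003 uid:0 gid:0 size:0
      O_RDWR
        sockname: AF_INET 192.0.2.10  port: 32772
5678:   /usr/sbin/in.ftpd
  Current rlimit: 256 file descriptors
   3: S_IFSOCK mode:0666 dev:172,0 ino:5010 uid:0 gid:0 size:0
      O_RDWR
        sockname: AF_INET 192.0.2.10  port: 21
        peername: AF_INET 192.0.2.21  port: 40001'

# Stand-alone run: report sample processes holding 2 or more idle sockets.
printf '%s\n' "$SAMPLE" | count_unconnected_sockets | flag_suspect_processes 2
```

A healthy in.ftpd normally holds one connected control socket and at most a transient data socket, so a process that stays at dozens of unconnected sockets is the condition this Alert describes; compare the count against the process limit shown on the "Current rlimit" line.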

Workaround

There is no workaround. Please see the "Resolution" section below.


Resolution

This issue is addressed in the following releases:

SPARC Platform

  • Solaris 7 with patch 110646-06 or later
  • Solaris 8 with patch 111606-05 or later

x86 Platform

  • Solaris 7 with patch 110647-06 or later
  • Solaris 8 with patch 111607-05 or later


Modification History

References

110646-06
111606-05
110647-06
111607-05
