| VID |
11001 |
| Severity |
20 |
| Port |
113 |
| Protocol |
TCP |
| Class |
Info |
| Detailed Description |
The identd daemon discloses the usernames that own network daemons running on the local system. Because of a flaw in the design of the protocol, some versions of the identd daemon, on receiving an ident request, return the username that owns the daemon running on the specified port on the local system. Remote attackers can determine who is running daemons on high ports that may pose security risks. They can also search for misconfigurations, such as httpd running as root or other daemons running under the wrong UIDs. This information helps an attacker understand your system configuration and can be useful in carrying out other attacks.
* References: http://www.iss.net/security_center/static/318.php http://online.securityfocus.com/archive/1/4314 |
| Recommendation |
If it is not used on your system(s), disable the identd daemon by commenting out the identd line in inetd.conf. After making this change, restart the inetd daemon with the command:
# kill -HUP PID
If identd is used, you should upgrade to a more recent identd daemon that doesn't report the UID information of local servers.
* Solaris 10, Solaris 11: # svcadm disable svc:/network/inetd:default
* Enterprise Linux 6.4, CentOS 6.4, Fedora 19: Open /etc/xinetd.d, set disable=yes, and then restart xinetd |
| Related URL |
CVE-1999-0629 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
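A check for the recommendation above, as an added example that is not part of the original advisory: it lists ident entries that are still active in an inetd.conf-style file and in xinetd service files. The service names `auth` and `ident`, the function names, and the sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the advisory): find ident services still enabled.
# Assumption: the service is registered as "auth" or "ident" (113/tcp).

# Print uncommented ident entries from an inetd.conf-style file.
inetd_ident_lines() {
    awk '$1 == "auth" || $1 == "ident"' "$1"
}

# Print "file: service" for each xinetd ident block without disable=yes.
xinetd_ident_enabled() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        awk -v file="$f" '
            $1 ~ /^#/ { next }                      # skip comments
            $1 == "service" { name = $2; off = 0; next }
            ($1 $2 $3) == "disable=yes" { off = 1 } # "disable = yes" or "disable=yes"
            $1 == "}" {
                if ((name == "auth" || name == "ident") && !off)
                    print file ": " name
                name = ""
            }' "$f"
    done
}

# Constructed sample configuration, so the check runs without touching /etc.
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
mkdir "$SAMPLE_DIR/xinetd.d"
cat > "$SAMPLE_DIR/inetd.conf" <<'EOF'
ftp   stream tcp nowait root   /usr/sbin/in.ftpd   in.ftpd
auth  stream tcp nowait nobody /usr/sbin/in.identd in.identd
#ident stream tcp nowait nobody /usr/sbin/in.identd in.identd
EOF
printf 'service auth\n{\n\tdisable = no\n\tserver = /usr/sbin/in.identd\n}\n' \
    > "$SAMPLE_DIR/xinetd.d/auth"
printf 'service ident\n{\n\tdisable=yes\n}\n' > "$SAMPLE_DIR/xinetd.d/ident"

echo "inetd entries to comment out:"
inetd_ident_lines "$SAMPLE_DIR/inetd.conf"
echo "xinetd services to disable:"
xinetd_ident_enabled "$SAMPLE_DIR/xinetd.d"
```

On a real host, pass `/etc/inetd.conf` and `/etc/xinetd.d` to the two functions; empty output from both means no ident entry is left enabled in those files.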