COMMAND

    inetd

SYSTEMS AFFECTED

    Data General (DG/UX 5.4R3.10)

PROBLEM

    Following is based on BlackHats Security Advisory.  The inetd (see
    also: "man  8 inetd")  daemon in  any UNIX  like operating  system
    is used  to listen  to any  incoming connections  on the  ports as
    specified in  the /etc/inetd.conf  (also described  in the  manual
    page)  file  and  start  the  service   connected  to that port as
    specified in the same file.  The purpose of having one such  super
    daemon is to save memory space and make it easier to startup other
    daemons  as  well.   The  overhead  of  the necessary fork/exec is
    justified for a normally loaded system.  Processes started by  the
    inetd daemon include, but are not limited to, "ftp", "telnet"  and
    "finger".

    When  using  the  nmap  scanner,  developed  by  Fyodor to try and
    determine  what  operating  system  the  remote target is actually
    running  (using  a  technique  named  "stack fingerprinting"), the
    inetd daemon  will change  to such  a state  that it  is therafter
    no longer  capable of  spawning new  services.   The only  current
    solution being a  restart of the  inetd daemon by  the operator of
    the Data General system.

    Affected are Data General systems running DG/UX R4.20MU04/05 and
    R4.11MU06 (M88k) and perhaps other versions of this operating
    system as well (unable to verify this because these were
    unavailable).

    The following  is the  minimal command  used to  actually deny all
    services started by inetd (which listens to the ftp port (21)):

        nmap -O -p 21 <target>

    To be on the safe side  (and the actual command issued which  lead
    to this  advisory) you  can also  use the  following stealty  scan
    of the reserved ports of the Data General DG/UX system:

        nmap -v -O -sS -p1-1023 <target>

SOLUTION

    The  only  exception  able  to  verify  was  the  DG/UX  B2 system
    (R4.20MU04), which seemed not effected  by this scan.  Black  Hats
    notified  Data  General  of  this  problem  in  the second week of
    february, and finally received patch tcpip_R4.20MU04.p11.