COMMAND

    chargen port

SYSTEMS AFFECTED

    Systems having port 19 enabled

PROBLEM

    Doctor Who posted following vulnerability.

    Many systems run a service called "chargen" on port 19. It  simply
    generates a never-ending stream of characters.

    If an MSIE or  Lynx user connects to  a chargen, the browser  will
    act as though viewing a  file of infinite length. This  has caused
    a modem connection to drop  using MSIE, and slowed a  Linux system
    using lynx to a crawl due to exhaustion of memory. Both  processes
    were aborted before any further damage was caused.

    A  URL  such  as  http://localhost:19  could  cause the "flooding"
    damage  to  a  system  running  lynx  and  chargen to occur almost
    instantly, because the characters would  of course come at a  much
    higher speed.

    Christopher Blizzard pointed out that you can also create a serios
    DOS attack when this is combined  with a proxy server.  Using  the
    URL:

        http://some.proxy.host/http://some.host.on.the.local.lan:19/

    This can bring some machines to a screaming halt.

    Also try this:

    <IMG src="telnet://localhost:19/"> and  the like as  well as
    direct tty access bugs <A href="file:/dev/tty">Click here to
    lock up lynx</A>

SOLUTION

    The CHARGEN service has other security implications and should  be
    turned off in normal system operation.

    Netscape Navigator disallows access  to port 19. This  is probably
    the best,  easiest fix  to this  problem. Further  work should  be
    done to figure out what other services could cause problems.