COMMAND

    portmap

SYSTEMS AFFECTED

    Systems running portmap

PROBLEM

    Michal Zalewski  found following.   It's possible  to perform  DoS
    attack by sending small amount of junk to tcp port 111 of  machine
    running portmap 4.0 (and older;  this was tested under Linux  with
    portmap 4.0-8).  Simple exploit follows (only to send a few random
    8-bit chars):

        telnet -E victim.com 111 </dev/random

    It will affect specific operations/services on attacked host, like
    login - depending on system  speed, login attempt on idle  machine
    (LA=0.01,  Linux  2.0.x,  x86)  will  take  from  over  10 seconds
    (k6/200MHz) to  long minutes  (486dx/80MHz).   During attack, many
    select()  calls  will  fail  (timeout),  so  complex programs will
    become much slower (especially  when resolving domain names),  but
    LA  will  not  change  significally.   Smarter  attacks   (without
    /dev/random) are probably  much more effective.   More about  this
    read in 'rpc applications' under mUNIXes section.

SOLUTION

    This is  bug in  (g)libc and  rpc developers  don't see any simple
    solution yet.