fake identd (fakeidentd) Fragmented Packet Request Remote Overflow

critical Nessus Plugin ID 11054

Synopsis

The identd server is prone to a remote buffer overflow attack.

Description

The identd server on this port seems to be a version of fake identd that fails to properly validate user input before copying it into a buffer of fixed size. By splitting data into two or more packets, an anonymous remote attacker can overflow the input buffer and execute arbitrary code with root privileges.
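An added example, not fake identd's source and not part of the Nessus plugin: a request accumulator that checks every received fragment against the space left after earlier fragments, which is the check a fixed-size input buffer needs when one request can arrive in several packets. The names, the 64-byte cap and the sample fragments are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical names throughout; this is not fakeidentd code. */
#define REQ_MAX 64  /* assumed cap; an ident query is "port , port\r\n" */

enum feed_result { FEED_NEED_MORE, FEED_COMPLETE, FEED_REJECT };

struct req_buf {
    char   data[REQ_MAX + 1];  /* +1 for the terminating NUL */
    size_t used;               /* bytes accumulated over all fragments */
};

void req_init(struct req_buf *rb) { rb->used = 0; rb->data[0] = '\0'; }

/* Append one received fragment. The bound is the space remaining after
 * earlier fragments, not the size of the whole buffer. */
enum feed_result req_feed(struct req_buf *rb, const char *frag, size_t len)
{
    const char *nl = memchr(frag, '\n', len);
    size_t take = nl ? (size_t)(nl - frag) + 1 : len;  /* stop at end of line */

    if (take > REQ_MAX - rb->used)  /* cannot wrap: used <= REQ_MAX always */
        return FEED_REJECT;         /* nothing copied; caller drops the client */

    memcpy(rb->data + rb->used, frag, take);
    rb->used += take;
    rb->data[rb->used] = '\0';
    return nl ? FEED_COMPLETE : FEED_NEED_MORE;
}

int main(void)
{
    struct req_buf rb;
    char filler[40];               /* constructed oversized input */
    memset(filler, 'A', sizeof filler);

    req_init(&rb);                 /* constructed query split over two packets */
    req_feed(&rb, "6191 ", 5);
    printf("split query: %d\n", req_feed(&rb, ", 23\r\n", 6));

    req_init(&rb);                 /* two fragments that each fit on their own */
    req_feed(&rb, filler, sizeof filler);
    printf("oversized:   %d\n", req_feed(&rb, filler, sizeof filler));
    return 0;
}
```

A reader that receives FEED_REJECT should close the connection rather than truncate and continue, so a peer cannot keep the request state alive with further fragments.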

Solution

Disable the service if it is not required, or upgrade to Fake Identd version 1.5, which is reportedly not affected by this vulnerability.

See Also

https://seclists.org/bugtraq/2002/Jul/370

Plugin Details

Severity: Critical

ID: 11054

File Name: fake_identd.nasl

Version: 1.23

Type: remote

Published: 7/30/2002

Updated: 11/15/2018

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

Required KB Items: Settings/ParanoidReport

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 7/29/2002

Reference Information

CVE: CVE-2002-1792

BID: 5351