The way in.identd is started by inetd from a standard /etc/inetd.conf on
a SuSE Linux distribution may be exploited to mount a Denial-of-Service
attack against the system.
When inetd starts in.identd with the "wait" flag and the "-w -t120"
options, in.identd will start to listen on the well-known port
while inetd deactivates its own listener for as long as in.identd
is alive.

A buffer overflow has been found in libtermcap's tgetent() function.
If a setuid root program uses this function, the user could execute
arbitrary code. SuSE Linux 6.0, 6.1 and 6.2 are not affected, since
the only program using libtermcap is bc. This program is not setuid
root.

xmonisdn, which is part of the i4l package, is installed setuid root
by default.
To control and display the status of the ISDN network connections,
xmonisdn uses external programs, which are executed by the system()
call without ensuring a safe environment.
The problem arises with old libc versions that do not overwrite the IFS
environment variable.
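
The safer pattern for a privileged program that has to run external helpers, shown as an added example (not xmonisdn's code and not taken from the advisory): run the helper by absolute path with execve() and a fixed environment instead of calling system(). The helper name in the comment and the use of /usr/bin/env in main() are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Pattern to avoid in a setuid program (hypothetical helper name):
 *     system("isdn-helper status");
 * /bin/sh inherits the caller's IFS, PATH, etc. and parses the string. */

/* Fixed environment for the helper; nothing is inherited from the caller. */
static char *const CLEAN_ENV[] = { "PATH=/usr/bin:/bin", "IFS= \t\n", NULL };

/* Run a helper without a shell. argv[0] must be an absolute path.
 * Returns the helper's exit status, or -1 on error. */
int run_helper(char *const argv[])
{
    if (argv == NULL || argv[0] == NULL || argv[0][0] != '/')
        return -1;                          /* never search PATH */

    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execve(argv[0], argv, CLEAN_ENV);   /* no shell, no word splitting */
        _exit(127);                         /* exec failed */
    }

    int status;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    /* Prints only the two CLEAN_ENV entries, whatever the caller exported. */
    char *const argv[] = { "/usr/bin/env", NULL };
    int rc = run_helper(argv);
    printf("helper exit status: %d\n", rc);
    return rc == 0 ? 0 : 1;
}
```

If the helper does not need root, the child should also drop privileges before the execve() call.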

a) An smbmnt installed setuid root could lead to a security breach due to
a race condition.
b) The NetBIOS name server nmbd is vulnerable to a denial-of-service attack.
c) The message service of the SMB/CIFS server has a buffer overflow.