J-Security Center

Title: rwhod Remote Denial of Service Vulnerability

Severity: MODERATE

Description:

The rwhod daemon maintains a table of logged-in users and other information from networked machines; this information is broadcast on the network. The FreeBSD implementation of this daemon (and possibly others, although this is unverified) fails to check the size of incoming rwhod packets (as defined by "struct whod" in the rwhod source code). Sending an unexpectedly short packet to a remote rwhod daemon, which normally listens on port 513 (UDP) when active, results in an error that crashes the daemon. Specifically, the expression "(cc-WHDRSIZE)/sizeof(struct whoent)" (where cc is the size of the received data) involves a subtraction whose result is an unsigned integer, which can cause a later comparison to fail when cc < WHDRSIZE. Although a failure of this daemon does not directly affect other operating system functions and does not provide any privilege elevation, it constitutes unexpected behavior; other components (if any) that rely on rwhod may also fail.
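The length arithmetic described above, shown next to a version that validates the datagram size first. This is an added example, not code from rwhod or from this advisory: the structs are a constructed stand-in for the packet layout, `entries_unchecked`, `entries_checked` and `MAX_ENTRIES` are hypothetical names, and treating cc as a signed int is an assumption.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for the rwhod packet layout (fixed-width fields). */
struct outmp  { char out_line[8]; char out_name[8]; int32_t out_time; };
struct whoent { struct outmp we_utmp; int32_t we_idle; };
struct whod {
    char    wd_vers, wd_type, wd_pad[2];
    int32_t wd_sendtime, wd_recvtime;
    char    wd_hostname[32];
    int32_t wd_loadav[3];
    int32_t wd_boottime;
    struct whoent wd_we[1024 / sizeof(struct whoent)];
};

#define WHDRSIZE    offsetof(struct whod, wd_we)  /* fixed header, 60 bytes here */
#define MAX_ENTRIES (sizeof(((struct whod *)0)->wd_we) / sizeof(struct whoent))

/* The advisory's expression. WHDRSIZE is a size_t, so cc is converted to
 * unsigned before the subtraction (the cast only makes that conversion
 * visible); for cc < WHDRSIZE the result wraps to a huge count. */
size_t entries_unchecked(int cc)
{
    return ((size_t)cc - WHDRSIZE) / sizeof(struct whoent);
}

/* Hardened form: reject receive errors, datagrams shorter than the header and
 * datagrams larger than struct whod before computing the entry count.
 * Returns -1 when the packet must be dropped. */
long entries_checked(int cc)
{
    if (cc < 0 || (size_t)cc < WHDRSIZE || (size_t)cc > sizeof(struct whod))
        return -1;
    return (long)(((size_t)cc - WHDRSIZE) / sizeof(struct whoent));
}

int main(void)
{
    int lengths[] = { 10, 59, 60, 108, 2000 };  /* constructed sample lengths */
    for (size_t i = 0; i < sizeof lengths / sizeof lengths[0]; i++)
        printf("cc=%4d unchecked=%zu checked=%ld\n", lengths[i],
               entries_unchecked(lengths[i]), entries_checked(lengths[i]));
    return 0;
}
```
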

Affected Products:

  • Apple Mac OS X 10.0.0
  • Apple Mac OS X 10.0.1
  • Apple Mac OS X 10.0.2
  • Apple Mac OS X 10.0.3
  • Apple Mac OS X 10.0.4
  • FreeBSD FreeBSD 3.0.0
  • FreeBSD FreeBSD 3.1.0
  • FreeBSD FreeBSD 3.1.0 x
  • FreeBSD FreeBSD 3.2.0
  • FreeBSD FreeBSD 3.2.0 x
  • FreeBSD FreeBSD 3.3.0
  • FreeBSD FreeBSD 3.3.0 x
  • FreeBSD FreeBSD 3.4.0
  • FreeBSD FreeBSD 3.4.0 x
  • FreeBSD FreeBSD 3.5.0
  • FreeBSD FreeBSD 3.5.0 -STABLEpre122300
  • FreeBSD FreeBSD 3.5.0 x
  • FreeBSD FreeBSD 3.5.1
  • FreeBSD FreeBSD 3.5.1 -RELEASE
  • FreeBSD FreeBSD 3.x
  • FreeBSD FreeBSD 4.0.0
  • FreeBSD FreeBSD 4.0.0 .x
  • FreeBSD FreeBSD 4.1.0
  • FreeBSD FreeBSD 4.1.1
  • FreeBSD FreeBSD 4.1.1 -RELEASE
  • FreeBSD FreeBSD 4.1.1 -STABLE
  • FreeBSD FreeBSD 4.2.0
  • FreeBSD FreeBSD 4.2.0 -RELEASE
  • FreeBSD FreeBSD 4.2.0 -STABLEpre122300
