identd response could indicate that SMTP host is vulnerable
| identd-vuln (61) |  Low Risk |
Description:
An identd response on port 113 was detected. Identd is a daemon that looks up specific TCP/IP connections and returns the username (and optionally other information) of the process owning the connection.
Some vulnerable applications, such as some versions of sendmail and Telnet, transmit a response back to port 113 of the originating computer to determine the identity of the originator. This behavior may help an attacker identify a vulnerable operating system or application.
Consequences:
Gain Access
Remedy:
For Sendmail:
Upgrade to the lastest version of Sendmail (8.7.6 or later), as listed in CERT Advisory CA-1996-20. See References.
For other applications that generate identd responses, contact your vendor for patch or upgrade information.
References:
- CERT Advisory CA-1996-20: Sendmail Vulnerabilities.
- Sendmail Consortium Web site: Sendmail recent versions.
- CVE-1999-0629: The ident/identd service is running.
Platforms Affected:
- Compaq Tru64
- Data General DG/UX
- HP HP-UX
- IBM AIX
- Linux Kernel
- Microsoft Windows 2000
- Microsoft Windows 2003 Server
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows 98SE
- Microsoft Windows Me
- Microsoft Windows NT 4.0
- Microsoft Windows XP
- SCO SCO Unix
- Sendmail Sendmail
- SGI IRIX
- Sun Solaris
- WindRiver BSDOS
Reported:
Jul 01, 1997
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net