IBM eventsmanager-multiple-xss, Wind River BSDOS, HP HP-UX, SGI IRIX, Linux Kernel, Sun Solaris, IBM OS2, Microsoft Windows 95, Data General DG/UX, Microsoft Windows NT: 4.0, Microsoft Windows 98, Novell NetWare, SCO SCO Unix, Microsoft Windows 98SE, Microsoft Windows 2000, Cisco IOS, Microsoft Windows Me, Compaq Tru64, Microsoft Windows XP, Apple Mac OS, Microsoft Windows 2003 Server, Microsoft Windows Vista, Microsoft Windows 7, Microsoft Windows Server 2008, Microsoft Windows Server 2008: R2, Microsoft Windows Server 2012, Microsoft Windows 8
Denial of Service
The chargen service was detected as running. The chargen (port 19) service can be spoofed into sending data from one service on one computer to another service on another computer. This action causes an infinite loop and creates a denial of service attack. The attack can consume increasing amounts of network bandwidth, causing loss of performance or a total shutdown of the affected network segments.
In addition, URLs such as "http://localhost:19" could cause a similar denial of service to a system running Lynx and chargen. Netscape Navigator disallows access to port 19 and is not vulnerable.
This attack can effectively disable a Unix server by causing it to spend all its time processing packets that it has echoed back to itself.
Disable the service, unless it is needed.
In Unix: To disable chargen when started from inetd:
Windows: The chargen service is not native to Windows, but may be present.
CAUTION: Use Registry Editor at your own risk. Any change using Registry Editor may cause severe and irreparable damage and may require you to reinstall your operating system. Internet Security Systems cannot guarantee that problems caused by the use of Registry Editor can be solved.
To disable only the chargen service:
Disable the chargen port as described in Novell Technical Information Document #2946023:
CERT Advisory CA-1996-01
UDP Port Denial-of-Service Attack
BugTraq Mailing List, Mon, 10 Mar 1997 15:05:20 -0500
Novell Technical Information Document #2946023
TCPIP blocking ports (7, 9, 19, etc)
Chargen denial of service