Chargen UDP Service Remote DoS
The Character Generator Protocol (Chargen) is an Internet service defined in RFC 864 that can be exploited for remote denial-of-service (DoS) attacks. When exploited, it sends a continuous stream of characters to a requesting host or an unwitting third party, leading to network saturation.
- Severity: High
The impact of a Chargen UDP Service Remote DoS attack is primarily network saturation, which can degrade performance or cause network outages. Systems that rely on network availability for operations may experience disruptions, potentially leading to significant downtime and associated costs.
The vulnerability is caused by the presence of an enabled Chargen service that responds to incoming UDP requests. When exploited, the service sends random characters back to the source address and port of the request. Because the source of a UDP request can be spoofed, the response can be directed at a third party.
The best solution is to disable the Chargen service if it's not required, as it's often unnecessary in modern network environments.
Windows:
- Open the Services management console (services.msc).
- Locate any service related to Chargen or similar diagnostic services and set its startup type to "Disabled".
- Restart the machine if necessary to ensure changes take effect.
Linux/Unix:
- Check if inetd or xinetd is running the Chargen service. You can usually find it in /etc/inetd.conf or /etc/xinetd.d/chargen.
- Comment out the Chargen service line by adding a # at the beginning of the line.
- Restart the inetd or xinetd service. For example, `sudo service xinetd restart`.
Network devices:
- Access the configuration mode (usually via CLI).
- Disable the Chargen service. This command varies by vendor, e.g., no service tcp-small-servers and no service udp-small-servers on Cisco devices.
- Save the configuration and restart the device if necessary.
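As an added example (not part of the original page), these shell functions check whether inetd or xinetd is still configured to start Chargen after the inetd/xinetd steps above. Treating an xinetd block as enabled unless it sets `disable = yes`, the function names, and the sample files written by `make_samples` are assumptions of this example.

```shell
#!/bin/sh
# Added example: report whether inetd or xinetd would still start chargen.

# inetd.conf: a service is live when its line is not commented out.
chargen_in_inetd() {
    [ -r "$1" ] && grep -Eq '^[[:space:]]*chargen[[:space:]]' "$1"
}

# xinetd: a "service chargen" block is live unless it sets "disable = yes".
chargen_in_xinetd() {
    [ -r "$1" ] && awk '
        /^[ \t]*#/ { next }                          # skip comment lines
        /^[ \t]*service[ \t]+chargen([ \t]|$)/ { inblk = 1; off = 0; next }
        inblk && /^[ \t]*disable[ \t]*=[ \t]*yes/ { off = 1 }
        inblk && /^[ \t]*[}]/ { if (!off) live = 1; inblk = 0 }
        END { exit live ? 0 : 1 }
    ' "$1"
}

# Usage: audit_chargen [inetd.conf] [xinetd.d directory]
# Prints one line per finding; returns 1 if chargen is enabled anywhere.
audit_chargen() {
    inetd_conf=${1:-/etc/inetd.conf}
    xinetd_dir=${2:-/etc/xinetd.d}
    rc=0
    if chargen_in_inetd "$inetd_conf"; then
        echo "ENABLED $inetd_conf"; rc=1
    fi
    for f in "$xinetd_dir"/*; do
        if [ -f "$f" ] && chargen_in_xinetd "$f"; then
            echo "ENABLED $f"; rc=1
        fi
    done
    return "$rc"
}

# Constructed sample files (not taken from a real host) for a dry run.
make_samples() {
    mkdir -p "$1/xinetd.d"
    printf '%s\n' '#chargen dgram udp wait root internal' \
        'chargen stream tcp nowait root internal' > "$1/inetd.conf"
    printf '%s\n' 'service chargen' '{' '    type = INTERNAL' \
        '    socket_type = dgram' '    disable = no' '}' > "$1/xinetd.d/chargen"
    printf '%s\n' 'service chargen' '{' '    type = INTERNAL' \
        '    disable = yes' '}' > "$1/xinetd.d/chargen-off"
}
```

In the sample inetd.conf only the UDP line is commented out, so the audit still flags the file: both the dgram and stream entries need to be disabled.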
The following shows how an ACL on a Cisco router might be configured to block Chargen traffic:
```
access-list 100 deny udp any any eq 19
access-list 100 permit ip any any
interface [your_interface]
 ip access-group 100 in
```