Linux tftp, talk, ntalk Services Should Be Disabled

Vulnerability Information

Vulnerability name: Linux tftp, talk, ntalk Services Should Be Disabled

Vulnerability type: Configuration issue

Severity: High

Vulnerability description: This finding concerns an xinetd configuration problem on Linux systems, specifically the tftp, talk and ntalk services not being disabled. xinetd is a powerful super-server daemon that manages network services; tftp, talk and ntalk are rarely used services, and if they are left enabled they can become targets for attackers. The root cause is that the configuration file for each of these services does not correctly set "disable = yes", so the service may be started unintentionally. Because these services may carry known security vulnerabilities, an attacker could exploit them to execute arbitrary code, exfiltrate data or cause a denial of service. Since these services typically require no authentication, such attacks could be carried out without credentials. Administrators of Linux servers, especially Internet-facing ones, should therefore make sure these unnecessary services are properly disabled to reduce the attack surface.

Product: Linux xinetd

Source: https://github.com/projectdiscovery/nuclei-templates/blob/1dc5e4c5a7e3689548a72d7cb2a00b803fccc824/misconfiguration%2Flinux%2Flinux-xinetd-tftp-talk-disabled.yaml

Type: projectdiscovery/nuclei-templates:github issues

PoC Details


```yaml
id: linux-xinetd-tftp-talk-disabled

info:
  name: Linux tftp, talk, ntalk Services Should Be Disabled
  author: songyaeji
  severity: high
  description: >
    Unused services like tftp, talk, or ntalk may have known vulnerabilities.
    If these are enabled, they could be targeted by attackers.
    This template checks if they are properly disabled in the xinetd configuration.
  reference:
    - https://isms.kisa.or.kr
    - Cloud Vulnerability Assessment Guide(2024) by KISA
  tags: linux,tftp,talk,ntalk,xinetd,service,misconfiguration
  metadata:
    os: linux
    category: system
    verified: true
  classification:
    cvss-metrics: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
    cvss-score: 6.2
    cwe-id: CWE-732

self-contained: true

code:
  - engine:
      - bash
    source: |
      for svc in tftp talk ntalk; do
        file="/etc/xinetd.d/$svc"
        if [ -f "$file" ]; then
          # Anchor at line start so a commented-out "# disable = yes" is not
          # mistaken for a real setting.
          if grep -qE "^[[:space:]]*disable[[:space:]]*=[[:space:]]*yes" "$file"; then
            echo "[SAFE] $svc is disabled."
          else
            echo "[VULNERABLE] $svc is not disabled in $file."
          fi
        else
          echo "[SAFE] $svc service config file not found. Assuming not installed."
        fi
      done
    matchers:
      - type: word
        words:
          # Match the literal prefix only: a bash variable such as "$svc" is not
          # expanded inside a matcher string, so "[VULNERABLE] $svc ..." would
          # never match the script's actual output.
          - "[VULNERABLE]"
```
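As an added example (not part of the nuclei template or the projectdiscovery project), here is a stricter shell version of the per-service check the template's script performs: it strips xinetd comments before looking for the `disable` attribute, honours the last assignment in the file, and runs against constructed sample files in a temporary directory rather than a real /etc/xinetd.d.

```shell
#!/bin/sh
# Added example: a stricter per-service xinetd check than a bare grep.
# Comments are stripped first, so a commented-out "# disable = yes" no
# longer counts as disabled, and the last "disable =" assignment wins.
# The sample files below are constructed here; they are not real host config.

# Return 0 if the service file disables the service, 1 if it is enabled
# (explicitly, or by omission since xinetd defaults to disable = no),
# 2 if the file does not exist (service most likely not installed).
xinetd_service_disabled() {
    [ -f "$1" ] || return 2
    state=$(awk '
        { sub(/#.*/, "") }                     # drop xinetd comments
        /^[ \t]*disable[ \t]*=/ {              # "disable = yes|no"
            split($0, kv, "="); gsub(/[ \t]/, "", kv[2]); state = kv[2]
        }
        END { print state }' "$1")
    [ "$state" = "yes" ]
}

# Constructed samples standing in for /etc/xinetd.d/<svc>.
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
printf 'service tftp\n{\n\tsocket_type = dgram\n\t# disable = yes\n\tdisable = no\n}\n' \
    > "$SAMPLE_DIR/tftp"        # only a commented-out disable: still enabled
printf 'service talk\n{\n\tsocket_type = dgram\n\tdisable = yes\n}\n' \
    > "$SAMPLE_DIR/talk"        # properly disabled
# ntalk: no file at all, i.e. not installed

for svc in tftp talk ntalk; do
    file="$SAMPLE_DIR/$svc"
    xinetd_service_disabled "$file" && rc=0 || rc=$?
    case $rc in
        0) echo "[SAFE] $svc is disabled." ;;
        1) echo "[VULNERABLE] $svc is not disabled in $file." ;;
        2) echo "[SAFE] $svc service config file not found. Assuming not installed." ;;
    esac
done
```

Point `file` at the real `/etc/xinetd.d/$svc` to audit a host; the template's original `grep` would have reported the tftp sample above as safe.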


http://example.com/2025/07/29/github_1779749751/
Author: lianccc
Published: 29 July 2025
License: