Linux tftp, talk, ntalk Services Misconfiguration Vulnerability

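Vulnerability Information

Vulnerability name: Linux tftp, talk, ntalk Services Misconfiguration Vulnerability

Vulnerability type: Configuration issue

Severity: High

Description: This vulnerability concerns improper configuration of the tftp, talk and ntalk services managed by xinetd on Linux systems. xinetd is a powerful service-management daemon used to control access to network services. If these services are not properly disabled, attackers may exploit known vulnerabilities in them. The technical root cause is that disable = yes is not set in the service configuration files, which leaves these possibly unnecessary and potentially dangerous services enabled. This configuration problem is a system administration oversight and may lead to information disclosure or abuse of the services. Because these services may contain known security vulnerabilities, leaving them enabled increases the risk of the system being attacked. Attackers may be able to exploit vulnerabilities in these services without authentication to carry out malicious activity such as remote code execution or data leakage. For systems running these services, it is therefore recommended to check and ensure that they are properly disabled in the xinetd configuration, to reduce the potential security risk.

Product name: Linux xinetd

Source: https://github.com/projectdiscovery/nuclei-templates/blob/dfc176303ffebe3d9f231045fa3abe2cf2ca9874/misconfiguration%2Flinux%2Flinux-xinetd-tftp-talk-disabled.yaml

Type: projectdiscovery/nuclei-templates:github issues

PoC Details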

id: linux-xinetd-tftp-talk-disabled

info:
  name: Linux tftp, talk, ntalk Services Should Be Disabled
  author: songyaeji
  severity: high
  description: >
    Unused services like tftp, talk, or ntalk may have known vulnerabilities.
    If these are enabled, they could be targeted by attackers.
    This template checks if they are properly disabled in the xinetd configuration.
  reference:
    - https://isms.kisa.or.kr
    - Cloud Vulnerability Assessment Guide(2024) by KISA
  tags: linux,tftp,talk,ntalk,xinetd,service,misconfiguration
  metadata:
    os: linux
    category: system
    verified: true
  classification:
    cvss-metrics: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
    cvss-score: 6.2
    cwe-id: CWE-732

self-contained: true

code:
  - engine:
      - bash
    source: |
      # Check the xinetd drop-in file of each legacy service.
      for svc in tftp talk ntalk; do
        file="/etc/xinetd.d/$svc"
        if [ -f "$file" ]; then
          # Anchored at line start so a commented-out "# disable = yes" does not count.
          if grep -Eq "^[[:space:]]*disable[[:space:]]*=[[:space:]]*yes" "$file"; then
            echo "[SAFE] $svc is disabled."
          else
            echo "[VULNERABLE] $svc is not disabled in $file."
          fi
        else
          echo "[SAFE] $svc service config file not found. Assuming not installed."
        fi
      done
    matchers:
      - type: word
        words:
          # The script expands $svc before printing, so match only the fixed marker.
          - "[VULNERABLE]"
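
The template's script only looks at files named tftp, talk and ntalk under /etc/xinetd.d. The following added example (not part of the template or of the original page) finds the same services by their "service <name>" line in whatever files it is given and ignores commented-out attributes. The function names audit_xinetd and make_sample and the sample configs are constructed for illustration, and only the per-service disable attribute is evaluated.

```bash
#!/usr/bin/env bash
# Added example (not part of the template): find tftp/talk/ntalk blocks by
# their "service <name>" line, whatever the file is called.

# audit_xinetd FILE...  prints "<service> <file>" for each block not disabled.
audit_xinetd() {
  awk '
    { sub(/#.*/, "") }                          # strip comments first
    /^[ \t]*service[ \t]+/ { name = $2; disabled = 0; inblock = 1; next }
    inblock && /^[ \t]*disable[ \t]*=/ {        # per-service disable attribute
      split($0, kv, "="); gsub(/[ \t]/, "", kv[2])
      disabled = (tolower(kv[2]) == "yes")
    }
    inblock && index($0, "}") {                 # block ends: report if enabled
      if (name ~ /^(tftp|talk|ntalk)$/ && !disabled) print name, FILENAME
      inblock = 0
    }
  ' "$@"
}

# Constructed sample configs, written to a temp dir so the demo runs offline.
make_sample() {
  d=$(mktemp -d)
  # tftp defined in a differently named file, with disable only in a comment
  printf 'service tftp\n{\n\tsocket_type = dgram\n\t# disable = yes\n}\n' > "$d/tftp-server"
  printf 'service talk\n{\n\tdisable = yes\n}\n' > "$d/talk"
  printf 'service ntalk\n{\n\tdisable\t=\tno\n}\n' > "$d/ntalk"
  printf 'service echo\n{\n\ttype = INTERNAL\n}\n' > "$d/echo"
  echo "$d"
}

sample=$(make_sample)
audit_xinetd "$sample"/*      # lists ntalk and tftp; talk and echo are not reported
rm -rf "$sample"
```

On a real host the function would be called as audit_xinetd /etc/xinetd.conf /etc/xinetd.d/*.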


http://example.com/2025/07/31/github_384547825/
Author: lianccc
Published: July 31, 2025