7th Feb 2001 [SBWID-91]
COMMAND
	    inetd
SYSTEMS AFFECTED
	    FreeBSD 3.x, 4.x
PROBLEM
	    'dynamo' found the following. The inetd ident server is an
	    implementation of the RFC1413 identification server, which returns
	    the local username of the user connecting to a remote service.
	    During internal auditing, the internal ident server in inetd was
	    found to incorrectly set group privileges according to the user.
	    Because ident keeps root's group permissions, users may read the
	    first 16 bytes (excluding initial whitespace) of wheel-accessible
	    files. This is only true if the internal ident service is run
	    using the '-f' flag.
	    An additional problem with the '-f' flag is that under certain
	    circumstances the child inetd process can be made to block,
	    potentially allowing a resource starvation condition on the
	    server.
	    Users can read the first 16 bytes of wheel-accessible files. To
	    determine which files may potentially be read, execute the
	    following command as root:
	
	        # find / -group wheel \( -perm -40 -a \! -perm +4 \) -ls
	
	    The inetd internal ident server is not enabled by default. If you
	    have not enabled the ident portion of inetd, you are not
	    vulnerable.
SOLUTION
	    Disable the internal ident server, if enabled: comment out all
	    lines beginning with "auth" in /etc/inetd.conf, then restart
	    inetd by sending it a SIGHUP:
	
	        # killall -HUP inetd
	
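	    Added example, not part of the advisory or of FreeBSD's own code: a
	    POSIX shell audit that lists the active "auth" entries of an
	    inetd.conf, flags those running the internal server with '-f', and
	    emits the commented-out copy the workaround above calls for. The
	    sample configuration and temporary file paths are constructed.

```shell
#!/bin/sh
# Added example (not from the advisory): audit an inetd.conf for the
# internal ident ("auth") service and produce a copy with it disabled.
# The sample config below is constructed for this demonstration.

# Active (uncommented) lines whose service field is "auth".
# inetd.conf fields: service socktype proto wait user program [args...]
active_auth_lines() {
    grep -v '^[[:space:]]*#' "$1" | awk '$1 == "auth"'
}

# Active auth lines that use the built-in server with the -f flag, the
# configuration the advisory says exposes the group-permission bug.
fakeid_auth_lines() {
    active_auth_lines "$1" | awk '$6 == "internal" {
        for (i = 8; i <= NF; i++) if ($i == "-f") { print; break }
    }'
}

# Emit the config with every line beginning with "auth" commented out.
# To apply: write the result back to /etc/inetd.conf, then
# "killall -HUP inetd" as the advisory describes.
disable_ident() {
    sed 's/^\([[:space:]]*auth[[:space:]]\)/#\1/' "$1"
}

# Constructed sample: one already-commented ident line, one active line
# with -f, one active line without -f, and an unrelated service.
SAMPLE_CONF=$(mktemp)
cat > "$SAMPLE_CONF" <<'EOF'
# inetd.conf sample (constructed for this example)
ftp    stream  tcp   nowait  root  /usr/libexec/ftpd  ftpd -l
#auth  stream  tcp   nowait  root  internal  auth -r -f -n -o UNKNOWN -t 30
auth   stream  tcp   nowait  root  internal  auth -r -f -n -o UNKNOWN -t 30
auth   stream  tcp6  nowait  root  internal  auth -r -n -o UNKNOWN -t 30
EOF

echo "Active ident entries using -f:"
fakeid_auth_lines "$SAMPLE_CONF"
echo "Config with ident disabled:"
disable_ident "$SAMPLE_CONF"
```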
	    Fix:
	
	        ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-01:11/inetd-4.2.patch
	        ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-01:11/inetd-3.5.1.patch
	