Message-ID: <20030709113300.GD3968@felinemenace.org>
Date: Wed, 9 Jul 2003 04:33:00 -0700
From: andrewg@...inemenace.org
To: bugtraq@...urityfocus.com
Subject: Coda RPC2 Denial of Service


                     _,'|             _.-''``-...___..--';)
                     /_ \'.      __..-' ,      ,--...--'''
                    <\    .`--'''       `     /'
                    `-';'               ;   ; ;
               __...--''     ___...--_..'  .;.'
           fL (,__....----'''       (,..--''  felinemenace.org

Program: Coda 6.0.1 and probably below
Impact: Denial of service of all programs using RPC2
Discovered: Andrew Griffiths

1) Background

   Coda is an advanced network filesystem that features many things not found
   in other packages.

2) Description

   Programs using the RPC2 library can be killed remotely by sending malformed
   packets to the services.

3) Notes

   Nothing special, although it was disturbingly easy to find.

4) Vendor status/notes/fixes/statements

   coda@...cmu.edu was contacted, and Jan Harkes responded:

From: Jan Harkes <jaharkes@...cmu.edu>

On Sun, Jul 06, 2003 at 02:32:57AM -0700, andrewg@...inemenace.org wrote:
> While doing some testing, I noticed I could reproducibly trigger an assert
> condition in the rpc2 code (I think it's there).
>
> I managed to take out pretty much my test server side of the coda setup.

Yeah, there are assertions sprinkled all over the place. The closer a
packet resembles a valid rpc2 packet, the more likely it is that some
assertion will get triggered.

I've committed a fix for this case (and a couple of others in the same
area) to CVS.

Jan

References:
        Main coda page: http://coda.cs.cmu.edu
        Coda Denial of service code: http://felinemenace.org/exploits.html
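
Added example, not part of the original post and not Coda code: the failure class described in the reply above (assertions reachable from network input) contrasted with a parser that returns a status so the datagram can be dropped. The 12-byte header layout, field names and limits are hypothetical and are not the RPC2 wire format.

```c
#include <stddef.h>
#include <stdint.h>
/* Hypothetical 12-byte big-endian header (version, opcode, body_len).
 * Illustrative only: this is NOT the real RPC2 wire format. */
#define HDR_LEN       12u
#define PROTO_VERSION 2u
#define MAX_BODY      4096u
enum pkt_status { PKT_OK, PKT_TOO_SHORT, PKT_BAD_VERSION, PKT_BAD_LENGTH };
struct pkt_hdr { uint32_t version, opcode, body_len; };

static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Fragile form: assert(len >= HDR_LEN); assert(body_len == len - HDR_LEN);
 * any remote sender can then abort the process. Here each check on
 * sender-controlled data returns a status the caller can act on. */
enum pkt_status parse_packet(const uint8_t *buf, size_t len, struct pkt_hdr *out)
{
    if (buf == NULL || out == NULL || len < HDR_LEN)
        return PKT_TOO_SHORT;
    out->version  = be32(buf);
    out->opcode   = be32(buf + 4);
    out->body_len = be32(buf + 8);
    if (out->version != PROTO_VERSION)
        return PKT_BAD_VERSION;
    if (out->body_len > MAX_BODY || out->body_len != len - HDR_LEN)
        return PKT_BAD_LENGTH;
    return PKT_OK;
}

/* Constructed sample datagrams (not captured traffic). */
static const uint8_t ok_pkt[]    = {0,0,0,2, 0,0,0,1, 0,0,0,4, 'p','i','n','g'};
static const uint8_t short_pkt[] = {0,0,0,2, 0};
static const uint8_t lying_pkt[] = {0,0,0,2, 0,0,0,1, 0xff,0xff,0xff,0xff};

/* Stand-in for a receive loop: malformed input is dropped, service continues. */
size_t count_accepted(void)
{
    const struct { const uint8_t *p; size_t n; } in[] = {
        {short_pkt, sizeof short_pkt}, {lying_pkt, sizeof lying_pkt},
        {ok_pkt, sizeof ok_pkt} };
    struct pkt_hdr h;
    size_t i, ok = 0;
    for (i = 0; i < sizeof in / sizeof in[0]; i++)
        ok += (parse_packet(in[i].p, in[i].n, &h) == PKT_OK);
    return ok;
}

int main(void) { return count_accepted() == 1 ? 0 : 1; }
```

In a real daemon the non-OK statuses would feed a drop counter or rate-limited log line, so malformed traffic is visible without being fatal.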


