Re: [Nagios-devel] (Fwd) Denial of Service Vulnerability in Nagios
Posted: Tue Jul 22, 2003 6:30 pm
Thanks for the patch Karl. I just released 1.9 for people to test.
On 21 Jul 2003 at 23:54, Karl DeBisschop wrote:
> On Mon, 2003-07-21 at 20:35, Karl DeBisschop wrote:
> > On Mon, 2003-07-21 at 18:54, Ethan Galstad wrote:
> >
> > > Anyone have any thoughts or comments on this?
> >
> > I may see it.
> >
> > Line 589 starts a loop listening for a connection. If there is an error
> > on the connection, you jump out to line 597
> >
> > I think the repeated SYNs might be seen as an error - maybe
> > ECONNABORTED.
> >
> > If so, you return on line 605, for my quick lok return to the main
> > routine. That return would close NRPE.
>
> I have tried to reproduce the DOS with nrpe from CVS compiled on Linux
> (using namp to create the SYN connections). Unfortunately, that
> combination does not produce the bug.
>
> Can anyone else reporduce the bug?
>
> That issue notwithstanding, I have looked more at the code, and I do
> feel the above analysis is a problem, even if it is not the problem at
> hand. IMHO, wait_for_connections() just ought not return until after the
> fork. A possible patch is attached.
>
> --
> Karl
>
Ethan Galstad,
Nagios Developer
---
Email: [email protected]
Website: http://www.nagios.org
This post was automatically imported from historical nagios-devel mailing list archives
Original poster: [email protected]
On 21 Jul 2003 at 23:54, Karl DeBisschop wrote:
> On Mon, 2003-07-21 at 20:35, Karl DeBisschop wrote:
> > On Mon, 2003-07-21 at 18:54, Ethan Galstad wrote:
> >
> > > Anyone have any thoughts or comments on this?
> >
> > I may see it.
> >
> > Line 589 starts a loop listening for a connection. If there is an error
> > on the connection, you jump out to line 597
> >
> > I think the repeated SYNs might be seen as an error - maybe
> > ECONNABORTED.
> >
> > If so, you return on line 605, for my quick lok return to the main
> > routine. That return would close NRPE.
>
> I have tried to reproduce the DOS with nrpe from CVS compiled on Linux
> (using namp to create the SYN connections). Unfortunately, that
> combination does not produce the bug.
>
> Can anyone else reporduce the bug?
>
> That issue notwithstanding, I have looked more at the code, and I do
> feel the above analysis is a problem, even if it is not the problem at
> hand. IMHO, wait_for_connections() just ought not return until after the
> fork. A possible patch is attached.
>
> --
> Karl
>
Ethan Galstad,
Nagios Developer
---
Email: [email protected]
Website: http://www.nagios.org
This post was automatically imported from historical nagios-devel mailing list archives
Original poster: [email protected]