Full Disclosure mailing list archives
Coda RPC2 Denial of service
From: andrewg () felinemenace org
Date: Wed, 9 Jul 2003 04:31:58 -0700
felinemenace.org

Program: Coda 6.0.1 and probably below
Impact: Denial of service of all programs using RPC2
Discovered: Andrew Griffiths

1) Background

Coda is an advanced network filesystem that features many things not found in other packages.

2) Description

Programs using the RPC2 library can be killed remotely by sending malformed packets to the services.

3) Notes

Nothing special, although it was disturbingly easy to find.

4) Vendor status/notes/fixes/statements

coda () cs cmu edu was contacted, and Jan Harkes responded:

From: Jan Harkes <jaharkes () cs cmu edu>

On Sun, Jul 06, 2003 at 02:32:57AM -0700, andrewg () felinemenace org wrote:
> While doing some testing, I noticed I could reproducibly trigger an assert condition in the rpc2 code (I think it's there). I managed to take out pretty much my test serverside of the coda setup.
Yeah, there are assertions sprinkled all over the place. The closer a packet resembles a valid rpc2 packet, the more likely it is that some assertion will get triggered. I've committed a fix for this case (and a couple of others in the same area) to CVS.

Jan

References:

Main coda page: http://coda.cs.cmu.edu
Coda Denial of service code: http://felinemenace.org/exploits.html
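
Added example (not part of the original message and not Coda or RPC2 code): the failure mode described above, where assert() on fields supplied by the remote peer aborts the whole process, next to the same checks written to reject the packet instead. The 8-byte header layout, the version value and all function names are constructed for illustration and are not the RPC2 wire format.

```c
#include <assert.h>
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

#define HDR_LEN 8u        /* constructed layout: 4-byte version, 4-byte body length */
#define PROTO_VERSION 2u  /* constructed value */

/* Constructed sample packets: a well-formed one and one whose length field lies. */
static const uint8_t PKT_GOOD[]    = {0,0,0,2, 0,0,0,4,    'p','i','n','g'};
static const uint8_t PKT_BAD_LEN[] = {0,0,0,2, 0,0,0,0x40, 'p','i','n','g'};

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Fragile: assertions on untrusted input. One malformed packet kills the service. */
int parse_with_asserts(const uint8_t *buf, size_t len) {
    assert(len >= HDR_LEN);
    assert(be32(buf) == PROTO_VERSION);
    assert(be32(buf + 4) == len - HDR_LEN);
    return 0;
}

/* Hardened: identical checks, but failure is an error code and the packet is dropped. */
int parse_checked(const uint8_t *buf, size_t len) {
    if (buf == NULL || len < HDR_LEN) return -1;   /* truncated header */
    if (be32(buf) != PROTO_VERSION) return -2;     /* unknown version */
    if (be32(buf + 4) != len - HDR_LEN) return -3; /* length field disagrees with datagram */
    return 0;
}

/* Runs the assert-based parser in a child process; returns 1 if it died with SIGABRT. */
int asserts_abort_on(const uint8_t *buf, size_t len) {
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) { parse_with_asserts(buf, len); _exit(0); }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFSIGNALED(status) && WTERMSIG(status) == SIGABRT;
}

int main(void) {
    int aborted = asserts_abort_on(PKT_BAD_LEN, sizeof PKT_BAD_LEN);
    int checked = parse_checked(PKT_BAD_LEN, sizeof PKT_BAD_LEN);
    printf("assert-based parser aborted: %d, checked parser returned: %d\n", aborted, checked);
    return 0;
}
```

Build without -DNDEBUG so the assertions stay active, as they would in a build that exhibits the crash.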