Vulnerability Development mailing list archives

Possible DoS attack against Sun Ray Servers?


From: Hanspeter Schmid <hps () bernafon ch>
Date: Thu, 6 Dec 2001 08:00:56 +0100

Hello Bugtraqers,

yesterday I tried an nmap scan from one of my servers
to my SunRay server, with

  nmap -O 10.50.2.4

Immediately, the SunRay Server reacted with

Dec  5 09:21:12 brnray utauthd: [ID 387677 user.info] WatchIO UNEXPECTED:
utauthd.watchIOEvent: java.net.SocketException: Software caused connection
abort
Dec  5 09:21:12 brnray utauthd: [ID 191561 user.info] Worker1 UNEXPECTED:
CB.taskEvent:read failed : e = java.net.SocketException: Connection reset by
peer: Connection reset by peer

From then on, things got worse and worse.  Sessions would
not restart after a logout, one session got stuck with a
black screen, and the SunRay admin port 7010, although
still recognized as open by nmap, would not answer telnet
anymore.

I soon rebooted because brnray is a productive system.

Does anybody have an idea what's up?  Anybody in for
trying to reproduce it?  I can't, because I have ten
engineers working on that server ...

Oh, by the way: It's SunRay Server Software 1.3 on Solaris 8,
the SunRay subnet has a dedicated ethernet card / switch.

Slainte!
Hanspi


Current thread: