|
Bugzilla – Full Text Bug Listing |
| Summary: | VUL-0: CVE-2003-0251: ypserv: denial-of-service attack in ypserv | ||
|---|---|---|---|
| Product: | [Novell Products] SUSE Security Incidents | Reporter: | Thomas Biege <thomas> |
| Component: | Incidents | Assignee: | Security Team bot <security-team> |
| Status: | RESOLVED FIXED | QA Contact: | Security Team bot <security-team> |
| Severity: | Normal | ||
| Priority: | P3 - Medium | CC: | security-team |
| Version: | unspecified | ||
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | CVE-2003-0251: CVSS v2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P) | ||
| Found By: | --- | Services Priority: | |
| Business Priority: | Blocker: | --- | |
| Marketing QA Status: | --- | IT Deployment: | --- |
|
Description
Thomas Biege
2003-06-26 15:16:45 UTC
<!-- SBZ_reproduce --> - You can start a denial-of-service attack on ypserv, as you can do with every RPC based service. That we fork for one function (from 12) does not prevent a user from creating such an attack with the help of another function. There are a lot of possibilities for such an attack, no of them is fixable. If RH uses the default limit, you need now 40 connections to stop the daemon. If you don't limit the number of connections, you can overflow the process table and eat all memory on the server. This would be even possible with a slow dialup connection and a very old i386 PC, you don't need more resources than before (I have a nice multithreaded program for doing so). We plan to make a ypserv update estimated next week, but for other reasons (Fixing some errors in the protocol, where as result ypcat on Solaris could hang forever and possible corruption of the master name of a map on the slave side, nothing is fixed in RHs update). Ok, I see. Time for closing this I think... Close it, a 2.9 update is on the way. CVE-2003-0251: CVSS v2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P) |