Cheops-ng A Network Management Tool / Bugs / #8 denials of service

#8 denials of service

Status: open

Owner: nobody

Labels: None

Priority: 5

Updated: 2005-11-07

Created: 2005-11-07

Creator: Michel Arboi

Private: No

4. If cheops-agent receives a message that is exactly
65356 byte long, it prints an error message and exits.
This is just a DoS, there is no buffer overflow.

5. If you repeatedly open connections, send an invalid
message and close the connection, cheops-agent does not
properly release file descriptors and fails with
"accept failed: Too many open files". It is then
impossible to connect to the agent -- it closes the
connection immediately.
lsof shows kazillons of connections in CLOSE_WAIT state.
This DoS can be reproduced with amapcrap (from the Amap
package, from http://www.thc.org\)
amapcrap 127.0.0.1 2300 # for example

Discussion

Michel Arboi - 2005-11-07

Logged In: YES
user_id=923614

Mmmhhh.... Looks fixed in CVS.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Michel Arboi - 2005-11-07

status: open --> open-out-of-date
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Michel Arboi - 2005-11-07

Logged In: YES
user_id=923614

Oops. Point (4) is fixed, but not point (5). amapcrap still
kills the beast.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Michel Arboi - 2005-11-07

status: open-out-of-date --> open
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

denials of service

Group

Searches

Help

#8 denials of service

Discussion