[20100] in bugtraq
Possible DoS to hosts running Veritas Netbackup
daemon@ATHENA.MIT.EDU (junk@LEVITATOR.ORG)
Mon Apr 9 05:26:47 2001
Message-ID: <200104061901.MAA05533@clarity.levitator.org>
Date: Fri, 6 Apr 2001 12:01:49 -0700
Reply-To: junk@LEVITATOR.ORG
From: junk@LEVITATOR.ORG
To: BUGTRAQ@SECURITYFOCUS.COM
Possible DoS for hosts running Veritas Netbackup Client
Tested OS: solaris 7
Netbackup Version: NetBackup-Solaris2.6 3.2GA
Cause a remote host running Veritas Netbackup client to
fully utilize it's cpu(s).
Here's the DoS. Run multiple nc (netcat) commands using a full
range of ports from some remote host against a host running
the netbackup client. Such as:
# nc -z -n -w 10 ip_host_to_attack 1-65535
# nc -z -n -w 10 ip_host_to_attack 1-65535
# nc -z -n -w 10 ip_host_to_attack 1-65535
You need to run n+1 netcats, where n is the number of cpu's, to use
all available cpu's on a box. So, a 2 processor box would require
3 netcats. I'm sure there's a more elegant way of doing this.
The offending process is bpjava-msvc. It's run from inetd.conf. The
exact reason this is happening is unclear. However, bpjava-msvc opens
on it's port defined in /etc/services, via inetd, then apparently opens
a arbitrary higher numbered port. netcat then connects to this port.
I don't care to speculate what happens next, because I don't know.
The higher numbered ports must not be blocked between the 2 hosts.
Scott Parks
