[24048] in bugtraq

home help back first fref pref prev next nref lref last post

Re: DoS bug on Tru64

daemon@ATHENA.MIT.EDU (Matt Chapman)
Thu Jan 31 14:31:18 2002

From: Matt Chapman <matthewc@cse.unsw.edu.au>
To: "Jason Johns - SAS(IT)" <JJohns@SAS.Samsung.com>
Date: Thu, 31 Jan 2002 16:32:39 +1100
Cc: bugtraq@securityfocus.com
Message-ID: <20020131163239.A3917@cse.unsw.edu.au>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <780CC4C56FFB894EA78E968F897D3F1A855EBC@exchange1.samsungaustin.com>

The same reproducibly occurs with ypbind on our Tru64 4.0D machines.  Tracing
it shows that it is probably an kernel rather than application bug.

select (4096, 0x11ffff608={0x00000060,...}, 0x0={}, 0x0={}, 0x11ffff608={}) = 1 [ , {0x00000020,...}, {}, {}, ]
accept (5, 0x11fffefc8, 0x11fffefc0=16) = 

That is, the select indicates that the socket is ready, but calling accept
blocks - presumably the connection has been dropped from the listen queue
in the meantime.

Matt



On Wed, Jan 30, 2002 at 10:27:21AM -0600, Jason Johns - SAS(IT) wrote:
> Today we were using nmap to scan our network and when we scanned our
> Tru64 machines, telnet and ftp froze and timed out. We could not make
> any connections to those ports and existing connections froze. New
> connections were denied for about a minute after the scan was finished.
> I've checked with Compaq and on Securityfocus and neither place has any
> knowledge of this. 
> 
> We are running Tru64 Unix 4.0D patch kit 3 on Alpha 4100's and 8400's.
> The nmap command line that was used is:
> nmap -T Polite -O -p 23,139 -oM /tmp/lst 'xxx.xxx.16-44.*' 
> 
> 
> /Jason Johns
> 

home help back first fref pref prev next nref lref last post