[24048] in bugtraq
Re: DoS bug on Tru64
daemon@ATHENA.MIT.EDU (Matt Chapman)
Thu Jan 31 14:31:18 2002
From: Matt Chapman <matthewc@cse.unsw.edu.au>
To: "Jason Johns - SAS(IT)" <JJohns@SAS.Samsung.com>
Date: Thu, 31 Jan 2002 16:32:39 +1100
Cc: bugtraq@securityfocus.com
Message-ID: <20020131163239.A3917@cse.unsw.edu.au>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <780CC4C56FFB894EA78E968F897D3F1A855EBC@exchange1.samsungaustin.com>
The same reproducibly occurs with ypbind on our Tru64 4.0D machines. Tracing
it shows that it is probably a kernel rather than application bug.
select (4096, 0x11ffff608={0x00000060,...}, 0x0={}, 0x0={}, 0x11ffff608={}) = 1 [ , {0x00000020,...}, {}, {}, ]
accept (5, 0x11fffefc8, 0x11fffefc0=16) =
That is, the select indicates that the socket is ready, but calling accept
blocks - presumably the connection has been dropped from the listen queue
in the meantime.
Matt
On Wed, Jan 30, 2002 at 10:27:21AM -0600, Jason Johns - SAS(IT) wrote:
> Today we were using nmap to scan our network and when we scanned our
> Tru64 machines, telnet and ftp froze and timed out. We could not make
> any connections to those ports and existing connections froze. New
> connections were denied for about a minute after the scan was finished.
> I've checked with Compaq and on Securityfocus and neither place has any
> knowledge of this.
>
> We are running Tru64 Unix 4.0D patch kit 3 on Alpha 4100's and 8400's.
> The nmap command line that was used is:
> nmap -T Polite -O -p 23,139 -oM /tmp/lst 'xxx.xxx.16-44.*'
>
>
> /Jason Johns
>
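
Added example, not part of the thread above and not code from ypbind or Tru64: the usual application-side defence against the select/accept sequence in Matt's trace is to put the listening socket in non-blocking mode, so that an accept() on a connection that has already left the listen queue returns an error instead of hanging the daemon. The function names, the NO_CONN/FATAL return codes and the loopback listener are assumptions made for the illustration.

```c
#include <errno.h>
#include <fcntl.h>
#include <string.h>
#include <unistd.h>
#include <netinet/in.h>
#include <sys/select.h>
#include <sys/socket.h>

#define NO_CONN (-1)   /* readiness was stale or timed out: go back to select() */
#define FATAL   (-2)   /* real error: caller should log and stop */
/* Listening TCP socket on 127.0.0.1 with O_NONBLOCK set (port 0 = ephemeral). */
int make_listener(unsigned short port)
{
    struct sockaddr_in sa;
    int fd = socket(AF_INET, SOCK_STREAM, 0), fl;
    if (fd < 0) return FATAL;
    memset(&sa, 0, sizeof sa);
    sa.sin_family = AF_INET;
    sa.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    sa.sin_port = htons(port);
    if (bind(fd, (struct sockaddr *)&sa, sizeof sa) < 0 || listen(fd, 16) < 0 ||
        (fl = fcntl(fd, F_GETFL)) < 0 || fcntl(fd, F_SETFL, fl | O_NONBLOCK) < 0) {
        close(fd);
        return FATAL;
    }
    return fd;
}

/* accept() that cannot hang: a connection gone from the queue gives NO_CONN. */
int accept_nohang(int lfd)
{
    int c;
    do { c = accept(lfd, NULL, NULL); } while (c < 0 && errno == EINTR);
    if (c >= 0) return c;
    if (errno == EAGAIN || errno == EWOULDBLOCK ||
        errno == ECONNABORTED || errno == EPROTO)
        return NO_CONN;
    return FATAL;
}

/* Wait up to timeout_ms for readiness, then accept without trusting it. */
int wait_and_accept(int lfd, int timeout_ms)
{
    fd_set rd;
    struct timeval tv = { timeout_ms / 1000, (timeout_ms % 1000) * 1000 };
    FD_ZERO(&rd); FD_SET(lfd, &rd);
    int n = select(lfd + 1, &rd, NULL, NULL, &tv);
    if (n <= 0) return (n < 0 && errno != EINTR) ? FATAL : NO_CONN;
    return accept_nohang(lfd);
}
```

A server loop treats NO_CONN as "nothing to do" and returns to select(), so a stale readiness report costs one system call rather than the whole service.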