BugTraq
Coda RPC2 Denial of Serviec Jul 09 2003 11:33AM
andrewg felinemenace org
_,'| _.-''``-...___..--';)
/_ \'. __..-' , ,--...--'''
<\ .`--''' ` /'
`-';' ; ; ;
__...--'' ___...--_..' .;.'
fL (,__....----''' (,..--'' felinemenace.org

Program: Coda 6.0.1 and probably below
Impact: Denial of service of all programs using RPC2
Discovered: Andrew Griffiths

1) Background

Coda is an advanced network filesystem that features many things not found
in other packages.

2) Description

Programs using the RPC2 library can be killed remotely by sending malformed
packets to the services.

3) Notes

Nothing special, although it was disturbingly easy to find.

4) Vendor status/notes/fixes/statements

coda (at) cs.cmu (dot) edu [email concealed] was contacted, and Jan Harkes responded:

From: Jan Harkes <jaharkes (at) cs.cmu (dot) edu [email concealed]>

On Sun, Jul 06, 2003 at 02:32:57AM -0700, andrewg (at) felinemenace (dot) org [email concealed] wrote:
> While do some testing, I noticed I could reproducably trigger an assert
> condition in the rpc2 code (I think its there).
>
> I managed to take out pretty much my test serverside of the coda setup.

Yeah, there are assertions sprinkled all over the place. The closer a
packet resembles a valid rpc2 packet, the more likely it is that some
assertion will get triggered.

I've committed a fix for this case (and a couple of others in the same
area) to CVS.

Jan

References:
Main coda page: http://coda.cs.cmu.edu
Coda Denial of service code: http://felinemenace.org/exploits.html

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus