(Fwd) Denial of Service Vulnerability in Nagios
Karl DeBisschop
karl at debisschop.net
Tue Jul 22 05:54:15 CEST 2003
On Mon, 2003-07-21 at 20:35, Karl DeBisschop wrote:
> On Mon, 2003-07-21 at 18:54, Ethan Galstad wrote:
>
> > Anyone have any thoughts or comments on this?
>
> I may see it.
>
> Line 589 starts a loop listening for a connection. If there is an error
> on the connection, you jump out to line 597
>
> I think the repeated SYNs might be seen as an error - maybe
> ECONNABORTED.
>
> If so, you return on line 605, for my quick lok return to the main
> routine. That return would close NRPE.
I have tried to reproduce the DOS with nrpe from CVS compiled on Linux
(using namp to create the SYN connections). Unfortunately, that
combination does not produce the bug.
Can anyone else reporduce the bug?
That issue notwithstanding, I have looked more at the code, and I do
feel the above analysis is a problem, even if it is not the problem at
hand. IMHO, wait_for_connections() just ought not return until after the
fork. A possible patch is attached.
--
Karl
-------------- next part --------------
A non-text attachment was scrubbed...
Name: nrpe.patch
Type: text/x-patch
Size: 1048 bytes
Desc: not available
URL: <https://www.monitoring-lists.org/archive/developers/attachments/20030721/062d6db6/attachment.bin>
More information about the Developers
mailing list