rsniff.txt

rsniff.txt: Posted Apr 9, 2004; Authored by Luigi Auriemma | Site aluigi.altervista.org; RSniff, the packet sniffer for Linux, is susceptible to a denial of service attack.; tags | advisory, denial of service; systems | linux; SHA-256 | 63e855d919cd019e79d1bb3e8434abfd0ecbdb2f5a5c18f5366896725207f863; Download | Favorite | View

rsniff.txt


#######################################################################

                             Luigi Auriemma

Application:  RSniff (Remote Sniff)
              http://www.cse.sc.edu/~madamanc/projects.html 
Versions:     1.0
Platforms:    Linux
Bug:          Denial of Service
Risk:         low
Exploitation: remote
Date:         09 Apr 2004
Author:       Luigi Auriemma
              e-mail: aluigi@altervista.org
              web:    http://aluigi.altervista.org


#######################################################################


1) Introduction
2) Bug
3) The Code
4) Fix


#######################################################################

===============
1) Introduction
===============


Rsniff is a remote sniffer for Linux written by Rajesh Kumar
Madamanchi.


#######################################################################

======
2) Bug
======


Look the following code in server.c:

153    {
154        printf ("RSniff Server: Authentication failed!\n");
155        continue;
156    }

This operation happens when a client connects to the Rsniff server and
sends a command different than AUTHENTICATE (a 32 bit number equal to
zero) or simply closes the connection without sending data.
The result is the restart of the binding loop, so the socket will be
recreated BUT the old socket will not be closed.

After 1024 connections the server will finish all the available file
descriptors and will not accept new clients.


#######################################################################

===========
3) The Code
===========


http://aluigi.altervista.org/poc/emptyconn.zip


#######################################################################

======
4) Fix
======


Add "close (new_sockfd);" at line 156:

153    {
154        printf ("RSniff Server: Authentication failed!\n");
155        continue;
156        close (new_sockfd);  /* PATCH */
157    }

However Rajesh has been contacted and will release a new version soon. 


#######################################################################


--- 
Luigi Auriemma
http://aluigi.altervista.org



APPENDAGE:


> 153    {
> 154        printf ("RSniff Server: Authentication failed!\n");
> 155        continue;
> 156        close (new_sockfd);  /* PATCH */
> 157    }


Excuse me but I have made an error here (lines 155 and 156) the close()
naturally must be located before the "continue;":

153    {
154        printf ("RSniff Server: Authentication failed!\n");
155        close (new_sockfd);  /* PATCH */
156        continue;
157    }



--- 
Luigi Auriemma
http://aluigi.altervista.org

Top Authors In Last 30 Days

Red Hat 205 files
Ubuntu 54 files
Debian 28 files
LiquidWorm 11 files
Valentin Lobstein 10 files
nu11secur1ty 7 files
Google Security Research 6 files
Milad Karimi 5 files
Yevhenii Butenko 4 files
Jann Horn 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,023)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,346)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,586)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,464)
UNIX (9,394)
UnixWare (187)
Windows (6,650)
Other

rsniff.txt

rsniff.txt

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

rsniff.txt

Share This

rsniff.txt

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems