[Bug 901716] Re: Permanent CPU Hog During TCP Flood on Portmap and RPC.STATD
Steve Beattie
sbeattie at ubuntu.com
Fri Mar 9 17:33:48 UTC 2012
** Visibility changed to: Public
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to eglibc in Ubuntu.
https://bugs.launchpad.net/bugs/901716
Title:
Permanent CPU Hog During TCP Flood on Portmap and RPC.STATD
Status in “eglibc” package in Ubuntu:
Fix Released
Bug description:
I’m investigating a Permanent CPU DoS resulting from a TCP flood
attack against the TCP ports bound to the Portmap and RPC.STATD
services in Ubuntu 10.04. I’ve found a similar issue on RedHat and it
appears the vulnerability/bug is in glibc
(https://bugzilla.redhat.com/show_bug.cgi?id=702300). However, I
wasn't able to find a similar bug in Ubuntu. The cause may be
different, but it appears similar.
The glibc version installed on my Ubuntu 10.04 server is “libglib2.0-0
2.24.1-0ubuntu1”.
To reproduce, download the following tools from the internet and execute the following commands:
1. arpspoof -i eth1 -t <ubuntu-ip-address> <source-spoof-ip-addr>
2. srvr -SAa -i eth1 <source-spoof-ip-addr> [srvr is part of the Naptha tool]
3. hping2 <ubuntu-ip-address> -p <port-number> -S -a <source-spoof-ip-addr> -i u10000 –q
Note: portnumber is 111 for portmap and the port dynamically bound to rpc.statd (via netstat -lnup | grep rpc.statd)
Thanks,
John Zimmerman
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/eglibc/+bug/901716/+subscriptions
More information about the foundations-bugs
mailing list