[OpenAFS] Attacks against AFS lead to crashing machines

Wolfgang Friebel Wolfgang.Friebel@cern.ch
Thu, 6 Jun 2002 14:32:31 +0200 (MEST)


 Hi,

 CERN and other institutes are currently being attacked from
 130.237.48.109 (sul.e.kth.se).
 By scanning port 7001 and sending malicious packets, the attacker
 was able to crash AFS servers.
 Reports have shown that at least Solaris 5.6 and 5.7 machines and AIX
 4.3.3 machines are affected, but those are probably not the only platforms.

 We recommend taking appropriate measures against this attack (at least
 blocking the originating site).

 Best regards
 Wolfgang Friebel

PS: Below I copy the information I obtained from Benoit Delaunay
---------------------------------------------------------------------

Date: Thu, 06 Jun 2002 13:57:48 +0200 (MET DST)
From: Benoit Delaunay <delaunay@in2p3.fr>
To: Wolfgang.Friebel@cern.ch

To provide further information, it is the client part (the AFS cache
manager) which is subject to this vulnerability. The cache manager is
usually running on the AFS server machines and is responsible for the
crash. We experienced many crashes this morning on both AFS client
machines and AFS servers.

The versions of AFS involved in our sad experience were 3.6 build 2.5
(patch1) and 3.6 build 2.26 (patch3).

Regards,

B. DELAUNAY