Fwd: [OpenAFS] Attacks against AFS lead to crashing machines

Mike W Ellwood m.w.ellwood@rl.ac.uk
Thu, 6 Jun 2002 16:07:11 +0100 (BST)


On Thu, 6 Jun 2002 Todd_DeSantis@transarc.com wrote:

> ---------- Forwarded message begins here ----------
> 
> Hi Wolfgang:
> 
> >  CERN and other institutes are currently attacked from
> >  130.237.48.109 (sul.e.kth.se)
> >  By scanning port 7001 and sending malicious packets the attacker
> >  was able to crash AFS servers.
> >  Reports have shown that at least Solaris 5.6 and 5.7 machines and AIX
> >  4.3.3 machines are affected, but those are probably not the only
> >  platforms.
> 
> >  We recommend taking appropriate measures against this attack (at
> >  least blocking the originating site)
> 
> > The versions of AFS involved in our sad experience were 3.6 build
> > 2.5 (patch1) and 3.6 build 2.26 (patch3).
> 
> We addressed many of these problems in Patch 4 of the AFS code base
> 
> 	3.6 build 2.27  and was part of patch 4
> 	3.6 build 2.32
> 
> We would need to verify that the problem you saw was related to the
> problems you saw.
> 
> Thanks
> 
> Todd DeSantis
> AFS Support


Does anyone know if the vulnerability exists in 3.4a (latest build)?

Thanks.


Mike Ellwood