[OpenAFS] Attacks against AFS lead to crashing machines
Brent Johnson
brent.a.johnson@jpl.nasa.gov
Fri, 07 Jun 2002 09:59:09 -0700
--------------040907090907060701020104
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Well, not run it since it could take other folx (we know it works: it
took down 3 of our Solaris 2.6 servers running 3.6 2.26) but just see
what's its doing.
-Brent
Brent Johnson wrote:
> Jimmye (et al),
>
> I may have missed this, but could I get a look at this code? Maybe we
> could run it here on some machines and see all what's vulnerable here.
>
> BTW, what versions are you running?
>
> Thanks,
> Brent
>
> Jan Tax wrote:
>
>>On Fri, 7 Jun 2002, Hans-Werner Paulsen wrote:
>>
>>>On Thu, Jun 06, 2002 at 11:21:54PM +0200, Jimmy Engelbrecht wrote:
>>>
>>>>Wolfgang Friebel <friebel@ifh.de> writes:
>>>>
>>>>> CERN and other institutes are currently attacked from
>>>>> 130.237.48.109 (sul.e.kth.se)
>>>>>
>>>>We are very sorry if packets from our scanning program have caused you
>>>>problems by triggering a bug in some AFS clients. We had no malicious
>>>>intent by using a documented AFS call nor could we imagine that this
>>>>would cause you so much grief. We tested our probing software on our
>>>>own cell first and had - unfortunately for you - no crashes.
>>>>
>>>Which documentation did you use?
>>>
>>>>The bug that caused the trouble is probably a memory leak that is fixed in
>>>>the OpenAFS 1.2.x releases and has never existed in Arla. We do not know yet
>>>>what IBM/Transarc versions are fixed or not.
>>>>
>>>We had system crashes on 5 of our AFS server machines, but they were
>>>running OpenAFS-1.2.3 and AIX-4.3.3. Therefore it is n o t fixed
>>>in OpenAFS 1.2.x.
>>>
>>
>>We have had system crashes on 3 of our AIX 4.3.3 AFS fileserver machines,
>>the most recent 1/2-hour ago. All are running IBM/Transarc version 3.6
>>build 2.32, so there still appears to be a bug that afscrawler tickles.
>>
>>Jan
>>---------------------------------------------------------------------------
>>Jan Tax Email: jan_tax@unc.edu
>>Academic Technology and Networks Phone: +1.919.962.5642
>>University of North Carolina at Chapel Hill Fax: +1.919.962.5664
>>---------------------------------------------------------------------------
>>
>>
>>_______________________________________________
>>OpenAFS-info mailing list
>>OpenAFS-info@openafs.org
>>https://lists.openafs.org/mailman/listinfo/openafs-info
>>
>
>
--------------040907090907060701020104
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit
<html>
<head>
</head>
<body>
Well, not run it since it could take other folx (we know it works: it took
down 3 of our Solaris 2.6 servers running 3.6 2.26) but just see what's its
doing.<br>
<br>
-Brent<br>
<br>
Brent Johnson wrote:<br>
<blockquote type="cite" cite="mid:3D00E3F7.7000908@jpl.nasa.gov"> Jimmye
(et al),<br>
<br>
I may have missed this, but could I get a look at this code? Maybe we could
run it here on some machines and see all what's vulnerable here.<br>
<br>
BTW, what versions are you running?<br>
<br>
Thanks,<br>
Brent<br>
<br>
Jan Tax wrote:<br>
<blockquote type="cite" cite="mid:Pine.WNT.4.44.0206070503340.240-100000@blackdog">
<pre wrap="">On Fri, 7 Jun 2002, Hans-Werner Paulsen wrote:<br><br></pre>
<blockquote type="cite">
<pre wrap="">On Thu, Jun 06, 2002 at 11:21:54PM +0200, Jimmy Engelbrecht wrote:<br></pre>
<blockquote type="cite">
<pre wrap="">Wolfgang Friebel <a class="moz-txt-link-rfc2396E" href="mailto:friebel@ifh.de"><friebel@ifh.de></a> writes:<br><br></pre>
<blockquote type="cite">
<pre wrap=""> CERN and other institutes are currently attacked from<br> 130.237.48.109 (sul.e.kth.se)<br></pre>
</blockquote>
<pre wrap="">We are very sorry if packets from our scanning program have caused you<br>problems by triggering a bug in some AFS clients. We had no malicious<br>intent by using a documented AFS call nor could we imagine that this<br>would cause you so much grief. We tested our probing software on our<br>own cell first and had - unfortunately for you - no crashes.<br></pre>
</blockquote>
<pre wrap="">Which documentation did you use?<br><br></pre>
<blockquote type="cite">
<pre wrap="">The bug that caused the trouble is probably a memory leak that is fixed in<br>the OpenAFS 1.2.x releases and has never existed in Arla. We do not know yet<br>what IBM/Transarc versions are fixed or not.<br></pre>
</blockquote>
<pre wrap="">We had system crashes on 5 of our AFS server machines, but they were<br>running OpenAFS-1.2.3 and AIX-4.3.3. Therefore it is n o t fixed<br>in OpenAFS 1.2.x.<br></pre>
</blockquote>
<pre wrap=""><!----><br>We have had system crashes on 3 of our AIX 4.3.3 AFS fileserver machines,<br>the most recent 1/2-hour ago. All are running IBM/Transarc version 3.6<br>build 2.32, so there still appears to be a bug that afscrawler tickles.<br><br>Jan<br>---------------------------------------------------------------------------<br>Jan Tax Email: <a class="moz-txt-link-abbreviated" href="mailto:jan_tax@unc.edu">jan_tax@unc.edu</a><br>Academic Technology and Networks Phone: +1.919.962.5642<br>University of North Carolina at Chapel Hill Fax: +1.919.962.5664<br>---------------------------------------------------------------------------<br><br><br>_______________________________________________<br>OpenAFS-info mailing list<br><a class="moz-txt-link-abbreviated" href="mailto:OpenAFS-info@openafs.org">OpenAFS-info@openafs.org</a><br><a class="moz-txt-link-freetext" href="https://lists.op
en%0A%0Aafs.org/mailman/listinfo/openafs-info">https://lists.openafs.org/mailman/listinfo/openafs-info</a><br></pre>
</blockquote>
<br>
<br>
</blockquote>
<br>
</body>
</html>
--------------040907090907060701020104--