[OpenAFS] Attacks against AFS lead to crashing machines

Brent Johnson brent.a.johnson@jpl.nasa.gov
Fri, 07 Jun 2002 09:38:30 -0700


--------------030400030906040903010108
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit

Jimmye (et al),

I may have missed this, but could I get a look at this code? Maybe we 
could run it here on some machines and see all what's vulnerable here.

BTW, what versions are you running?

Thanks,
Brent

Jan Tax wrote:

>On Fri, 7 Jun 2002, Hans-Werner Paulsen wrote:
>
>>On Thu, Jun 06, 2002 at 11:21:54PM +0200, Jimmy Engelbrecht wrote:
>>
>>>Wolfgang Friebel <friebel@ifh.de> writes:
>>>
>>>> CERN and other institutes are currently attacked from
>>>> 130.237.48.109 (sul.e.kth.se)
>>>>
>>>We are very sorry if packets from our scanning program have caused you
>>>problems by triggering a bug in some AFS clients. We had no malicious
>>>intent by using a documented AFS call nor could we imagine that this
>>>would cause you so much grief. We tested our probing software on our
>>>own cell first and had - unfortunately for you - no crashes.
>>>
>>Which documentation did you use?
>>
>>>The bug that caused the trouble is probably a memory leak that is fixed in
>>>the OpenAFS 1.2.x releases and has never existed in Arla. We do not know yet
>>>what IBM/Transarc versions are fixed or not.
>>>
>>We had system crashes on 5 of our AFS server machines, but they were
>>running OpenAFS-1.2.3 and AIX-4.3.3. Therefore it is  n o t  fixed
>>in OpenAFS 1.2.x.
>>
>
>We have had system crashes on 3 of our AIX 4.3.3 AFS fileserver machines,
>the most recent 1/2-hour ago.  All are running IBM/Transarc version 3.6
>build 2.32, so there still appears to be a bug that afscrawler tickles.
>
>Jan
>---------------------------------------------------------------------------
>Jan Tax                                              Email: jan_tax@unc.edu
>Academic Technology and Networks                     Phone: +1.919.962.5642
>University of North Carolina at Chapel Hill          Fax:   +1.919.962.5664
>---------------------------------------------------------------------------
>
>
>_______________________________________________
>OpenAFS-info mailing list
>OpenAFS-info@openafs.org
>https://lists.openafs.org/mailman/listinfo/openafs-info
>


--------------030400030906040903010108
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit

<html>
<head>
</head>
<body>
Jimmye (et al),<br>
<br>
I may have missed this, but could I get a look at this code? Maybe we could
run it here on some machines and see all what's vulnerable here.<br>
<br>
BTW, what versions are you running?<br>
<br>
Thanks,<br>
Brent<br>
<br>
Jan Tax wrote:<br>
<blockquote type="cite" cite="mid:Pine.WNT.4.44.0206070503340.240-100000@blackdog">
  <pre wrap="">On Fri, 7 Jun 2002, Hans-Werner Paulsen wrote:<br><br></pre>
  <blockquote type="cite">
    <pre wrap="">On Thu, Jun 06, 2002 at 11:21:54PM +0200, Jimmy Engelbrecht wrote:<br></pre>
    <blockquote type="cite">
      <pre wrap="">Wolfgang Friebel <a class="moz-txt-link-rfc2396E" href="mailto:friebel@ifh.de">&lt;friebel@ifh.de&gt;</a> writes:<br><br></pre>
      <blockquote type="cite">
        <pre wrap=""> CERN and other institutes are currently attacked from<br> 130.237.48.109 (sul.e.kth.se)<br></pre>
        </blockquote>
        <pre wrap="">We are very sorry if packets from our scanning program have caused you<br>problems by triggering a bug in some AFS clients. We had no malicious<br>intent by using a documented AFS call nor could we imagine that this<br>would cause you so much grief. We tested our probing software on our<br>own cell first and had - unfortunately for you - no crashes.<br></pre>
        </blockquote>
        <pre wrap="">Which documentation did you use?<br><br></pre>
        <blockquote type="cite">
          <pre wrap="">The bug that caused the trouble is probably a memory leak that is fixed in<br>the OpenAFS 1.2.x releases and has never existed in Arla. We do not know yet<br>what IBM/Transarc versions are fixed or not.<br></pre>
          </blockquote>
          <pre wrap="">We had system crashes on 5 of our AFS server machines, but they were<br>running OpenAFS-1.2.3 and AIX-4.3.3. Therefore it is  n o t  fixed<br>in OpenAFS 1.2.x.<br></pre>
          </blockquote>
          <pre wrap=""><!----><br>We have had system crashes on 3 of our AIX 4.3.3 AFS fileserver machines,<br>the most recent 1/2-hour ago.  All are running IBM/Transarc version 3.6<br>build 2.32, so there still appears to be a bug that afscrawler tickles.<br><br>Jan<br>---------------------------------------------------------------------------<br>Jan Tax                                              Email: <a class="moz-txt-link-abbreviated" href="mailto:jan_tax@unc.edu">jan_tax@unc.edu</a><br>Academic Technology and Networks                     Phone: +1.919.962.5642<br>University of North Carolina at Chapel Hill          Fax:   +1.919.962.5664<br>---------------------------------------------------------------------------<br><br><br>_______________________________________________<br>OpenAFS-info mailing list<br><a class="moz-txt-link-abbreviated" href="mailto:OpenAFS-info@openafs.org">OpenAFS-info@openafs.org</a><br><a class="moz-txt-link-freetext" href="https://lists.open
afs.org/mailman/listinfo/openafs-info">https://lists.openafs.org/mailman/listinfo/openafs-info</a><br></pre>
          </blockquote>
          <br>
          </body>
          </html>

--------------030400030906040903010108--