| Subject | Re: [firebird-support] Potential DoS attack on firebird |
|---|---|
| Author | Jacob Alberty |
| Post date | 2004-08-19T00:20:04Z |
this particular one only appears to affect linux, im trying to et ahold
of some other systems to test on, i can tell you right now that windows
is unnaffected, i tested it on linux with the 1.5.0 and 1.5.1(nptl)
builds of the superserver, affected both, it would cause the fbserver
process to hang, i dont believe there was a cpu spike, it would just
hang and would freeze up all existing client connections and future
connections couldnt be made, only once it unfroze itself without me
doing anything but normally i have to kill the fbserver process. is
there any objections to me posting the method here so someone with more
time can investigate it and perhaps pin this down? I dont want to post
something thats going to cause someone undue stress if they have a
production system reliant on this, no permissions are needed to cause
the dos, works locally or remotely and can be duplicated with nothing
more than netcat, no passwords are needed. just thought id note it is
not a buffer overflow or client library issue in this instance.
unordained wrote:
of some other systems to test on, i can tell you right now that windows
is unnaffected, i tested it on linux with the 1.5.0 and 1.5.1(nptl)
builds of the superserver, affected both, it would cause the fbserver
process to hang, i dont believe there was a cpu spike, it would just
hang and would freeze up all existing client connections and future
connections couldnt be made, only once it unfroze itself without me
doing anything but normally i have to kill the fbserver process. is
there any objections to me posting the method here so someone with more
time can investigate it and perhaps pin this down? I dont want to post
something thats going to cause someone undue stress if they have a
production system reliant on this, no permissions are needed to cause
the dos, works locally or remotely and can be duplicated with nothing
more than netcat, no passwords are needed. just thought id note it is
not a buffer overflow or client library issue in this instance.
unordained wrote:
> As an aside: we still haven't pinned down what caused our FB 1.5
> installation to go nuts on the
> production server when we installed it there a couple weeks ago. Helen
> suggested it might have been
> the fact we still had FB 1.0 clients installed on the desktops (in
> fact, Paul found we still had
> some IB 6 client libraries, too) -- we finished upgrading all the
> clients to 1.5 libraries, and
> will try for a 1.5 server again later, maybe this week. Paul had found
> that if he connected to it,
> nothing weird happened (he had 1.5 libraries already installed on his
> development machine), but
> when connecting from our NT4 citrix box, with libraries not updated,
> it would happen. (I only found
> this out later -- at first I was told any connections to it would
> cause the cpu usage to jump
> immediately.)
>
> But I wonder if these are related issues? (That is, FB 1.5 not liking
> certain
> requests/packets/whatever, and going into 100% cpu usage mode so long
> as the connection stays open?)
>
> -Philip
>
> ---------- Original Message -----------
> From: Jacob Alberty <calberty@...>
> To: firebird-support@yahoogroups.com
> Sent: Wed, 18 Aug 2004 17:23:15 -0500
> Subject: [firebird-support] Potential DoS attack on firebird
>
> > While toying with firebird 1.5.0 i discovered a method of locking it
> > (bad news was i found it on a production system during a busy time) it
> > appears to affect 1.5.0 and 1.5.1 nptl SS, havent tested others and it
> > only appears to work on windows systems, would it be ok if i posted
> this
> > information here or is there a better place to post it? (i can
> reproduce
> > it reliably using netcat)
> >
> >
> > Yahoo! Groups Links
> >
> >
> >
> ------- End of Original Message -------
>