[Fedora-directory-users] Dos issue in fedora directory server

Tom Ryan tomryan at camlaw.rutgers.edu
Wed Jul 26 20:31:11 UTC 2006


I have noticed that I can crash fds remotely pretty easily..

I have pam_passthru set up (obvious to those reading my recent emails)..

Anyway, if I run the following from a remote system

ldapsearch -x uid=anything -H ldaps://fds-server -x -W -D uid=+

And enter anything for a password,

It goes away..

Here's a strace of the pid

poll([{fd=22, events=POLLIN}, {fd=6, events=POLLIN}, {fd=7, events=POLLIN}], 3, 250) = 0
gettimeofday({1153945615, 879597}, NULL) = 0
poll([{fd=22, events=POLLIN}, {fd=6, events=POLLIN}, {fd=7, events=POLLIN, revents=POLLIN}], 3, 250) = 1
accept(7, {sa_family=AF_INET6, sin6_port=htons(51128), inet_pton(AF_INET6, "::ffff:CLIENTIP", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=0}, [28]) = 24
fcntl64(24, F_GETFL)                    = 0x2 (flags O_RDWR)
fcntl64(24, F_SETFL, O_RDWR|O_NONBLOCK) = 0
brk(0x88cf000)                          = 0x88cf000
fcntl64(24, F_DUPFD, 64)                = 64
close(24)                               = 0
setsockopt(64, SOL_TCP, TCP_NODELAY, [0], 4) = 0
getsockname(64, {sa_family=AF_INET6, sin6_port=htons(636), inet_pton(AF_INET6, "::ffff:FDSSERVERIP", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=0}, [28]) = 0
stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=1267, ...}) = 0
getpeername(7, 0xbfecf5c0, [108])       = -1 ENOTCONN (Transport endpoint is not connected)
gettimeofday({1153945615, 974890}, NULL) = 0
poll([{fd=22, events=POLLIN}, {fd=6, events=POLLIN}, {fd=7, events=POLLIN}, {fd=64, events=POLLIN, revents=POLLIN}], 4, 250) = 1
futex(0x8613a78, FUTEX_WAKE, 1)         = 1
getpeername(7, 0xbfecf5c0, [108])       = -1 ENOTCONN (Transport endpoint is not connected)
gettimeofday({1153945615, 978689}, NULL) = 0
poll([{fd=22, events=POLLIN, revents=POLLIN}, {fd=6, events=POLLIN}, {fd=7, events=POLLIN}], 3, 250) = 1
read(22, "\0", 200)                     = 1
getpeername(7, 0xbfecf5c0, [108])       = -1 ENOTCONN (Transport endpoint is not connected)
gettimeofday({1153945615, 992926}, NULL) = 0
poll([{fd=22, events=POLLIN}, {fd=6, events=POLLIN}, {fd=7, events=POLLIN}, {fd=64, events=POLLIN}], 4, 250) = -1 EINTR (Interrupted system call)
+++ killed by SIGSEGV +++
Process 20095 detached

Bummer..
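
For triaging a trace like the one above, the following is an added example and not part of the original post: it follows the accepted socket through the F_DUPFD/close pair and reports which client connections were still open when the process was killed. The function name triage and the regular expressions are assumptions written for this strace format; the sample input is an excerpt of the trace from the post with wrapped lines rejoined.

```python
import re

# Excerpt of the strace output from the post (wrapped lines rejoined).
TRACE = r'''
accept(7, {sa_family=AF_INET6, sin6_port=htons(51128), inet_pton(AF_INET6, "::ffff:CLIENTIP", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=0}, [28]) = 24
fcntl64(24, F_GETFL)                    = 0x2 (flags O_RDWR)
fcntl64(24, F_DUPFD, 64)                = 64
close(24)                               = 0
getpeername(7, 0xbfecf5c0, [108])       = -1 ENOTCONN (Transport endpoint is not connected)
read(22, "\0", 200)                     = 1
+++ killed by SIGSEGV +++
'''

# Hypothetical patterns for the syscalls that matter when mapping a crash to a client.
ACCEPT = re.compile(
    r'^accept\(\d+, \{.*?htons\((\d+)\).*?inet_pton\(\w+, "([^"]+)".*\) = (\d+)$')
DUPFD = re.compile(r'^fcntl(?:64)?\((\d+), F_DUPFD, \d+\)\s*= (\d+)$')
CLOSE = re.compile(r'^close\((\d+)\)\s*= 0$')
KILLED = re.compile(r'^\+\+\+ killed by (SIG\w+)')


def triage(trace):
    """Return (fatal signal or None, {fd: (peer address, peer port)} still open)."""
    conns = {}
    for line in trace.splitlines():
        if m := ACCEPT.match(line):
            # Successful accept(): remember the peer under the returned fd.
            conns[int(m.group(3))] = (m.group(2), int(m.group(1)))
        elif m := DUPFD.match(line):
            # The server moves the socket to a higher fd; the peer follows it.
            old, new = int(m.group(1)), int(m.group(2))
            if old in conns:
                conns[new] = conns[old]
        elif m := CLOSE.match(line):
            conns.pop(int(m.group(1)), None)
        elif m := KILLED.match(line):
            return m.group(1), conns
    return None, conns


if __name__ == "__main__":
    signal, open_conns = triage(TRACE)
    print("fatal signal:", signal)
    for fd, (addr, port) in sorted(open_conns.items()):
        print(f"fd {fd}: client {addr} port {port} open at time of death")
```

The peer address and port it reports can be matched against the connection lines in the server's access log to find the operation that was in flight.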



