
psydos.txt

Date: 25 Apr 2002
Reported by: Nawok
Type: packetstorm
Source: packetstormsecurity.com

psyBNC vulnerability allows oversized passwords to consume CPU and lock connection slots.

Code
`psyBNC 2.3 DoS / bug  
  
:: Description  
  
psyBNC (http://www.psychoid.lam3rz.de/psybnc.html) has a problem   
dealing with oversized passwords, making it possible to tie up all  
the connection slots and consume a lot of CPU on the server.  
  
:: Exploit  
  
Create a program to do the following:  
  
1. connect to the psyBNC daemon  
2. send "irc registration" information, e.g.:  
  
user a b c d [LF/0x10]  
nick abcd [LF/0x10]  
  
3. send an oversized password (about 9000++ bytes):  
  
PASS <oversized password> [LF/0x10]  
  
4. kill the connection  
  
  
This will make psyBNC slowly consume more and more CPU, and  
the connection will not be closed, but kept in state  
"CLOSE_WAIT".  
  
In other words, by doing the procedure described above  
many times (depending on the psyBNC configuration, 3 is default)  
you can lock up all the connection slots and make the  
psyBNC daemon inaccessible for other clients.  
  
Concerning the CPU usage, when testing this on my own box  
the usage went from 0.1% to about 90.0% and the load average  
went from 0.0 to about 0.72.  
  
:: Closing words  
  
Somebody might have discovered this before, but not that I'm  
aware of. Did some searching without any luck. The creator  
of psyBNC has been contacted.  
  
- nawok <[email protected]>  
`
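
A detection check for the condition described above, as an added example that is not part of the original advisory: it counts sockets stuck in CLOSE-WAIT on the bouncer's listening port in `ss -tan` output and compares the count with the slot limit (3 by default, per the advisory). The port 31337, the sample output and the function names are assumptions constructed for illustration.

```python
"""Flag listener sockets stuck in CLOSE-WAIT (added example, not from the advisory)."""
from collections import Counter

# Constructed sample of `ss -tan` output. Addresses and port 31337 are assumptions.
SAMPLE_SS_OUTPUT = """\
State      Recv-Q Send-Q Local Address:Port   Peer Address:Port
LISTEN     0      128    0.0.0.0:31337        0.0.0.0:*
CLOSE-WAIT 0      0      192.0.2.10:31337     198.51.100.7:40112
CLOSE-WAIT 0      0      192.0.2.10:31337     198.51.100.7:40118
CLOSE-WAIT 0      0      192.0.2.10:31337     198.51.100.7:40125
ESTAB      0      0      192.0.2.10:22        203.0.113.5:51514
CLOSE-WAIT 0      0      192.0.2.10:8080      203.0.113.9:33000
"""


def parse_sockets(text):
    """Yield (state, local_port, peer_ip) for each socket row of `ss -tan` output."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] == "State":
            continue  # skip the header and malformed rows
        local, peer = fields[-2], fields[-1]
        port = local.rsplit(":", 1)[-1]
        if not port.isdigit():
            continue
        yield fields[0], int(port), peer.rsplit(":", 1)[0]


def stuck_slots(text, listen_port, slot_limit=3):
    """Summarise CLOSE-WAIT sockets on listen_port against the slot limit.

    CLOSE-WAIT means the peer has closed but the local process has not;
    a brief appearance is normal, one that persists across samples is not.
    """
    peers = Counter(
        peer
        for state, port, peer in parse_sockets(text)
        if state == "CLOSE-WAIT" and port == listen_port
    )
    total = sum(peers.values())
    return {
        "close_wait": total,
        "exhausted": total >= slot_limit,  # every slot held by a dead connection
        "by_peer": dict(peers),
    }


if __name__ == "__main__":
    print(stuck_slots(SAMPLE_SS_OUTPUT, listen_port=31337))
```

Run it against successive `ss -tan` captures; the same sockets appearing in CLOSE-WAIT across samples, together with rising CPU for the daemon, matches the behaviour the advisory reports.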

Vulners AI Score: 7.4 (High risk)