Bugtraq mailing list archives

psyBNC 2.3 DoS / bug


From: <nawok () nawok org>
Date: 22 Apr 2002 05:18:29 -0000



psyBNC 2.3 DoS / bug


:: Description

psyBNC (http://www.psychoid.lam3rz.de/psybnc.html) has a problem
dealing with oversized passwords, making it possible to tie up all
the connection slots and consume a lot of CPU on the server.


:: Exploit

Create a program to do the following:

1. connect to the psyBNC daemon
2. send "irc registration" information, e.g.:

   user a b c d [LF/0x10]
   nick abcd [LF/0x10]

3. send an oversized password (about 9000++ bytes):

   PASS <oversized password> [LF/0x10]

4. kill the connection


This will make psyBNC slowly consume more and more CPU, and the
connection will not be closed, but kept in state "CLOSE_WAIT".

In other words, by doing the procedure described above many times
(depending on the psyBNC configuration, 3 is default) you can lock up
all the connection slots and make the psyBNC daemon inaccessible for
other clients.

Concerning the CPU usage, when testing this on my own box the usage
went from 0.1% to about 90.0% and the load average went from 0.0 to
about 0.72.


:: Closing words

Somebody might have discovered this before, but not that I'm aware
of. Did some searching without any luck. The creator of psyBNC has
been contacted.

 - nawok <nawok () nawok org>
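
Added example (not part of the original post): a detection check for the
symptom described above, counting sockets left in CLOSE_WAIT on the bouncer's
listen port from /proc/net/tcp-format text. The port 31337, the sample rows and
the function names are assumptions made for this example; the slot limit of 3
is the default quoted in the advisory.

```python
import socket
import struct
from collections import Counter

CLOSE_WAIT = 0x08    # TCP_CLOSE_WAIT in the Linux kernel's TCP state enum
LISTEN_PORT = 31337  # assumed bouncer listen port; set to your own
MAX_SLOTS = 3        # connection-slot default quoted in the advisory

# Constructed sample in /proc/net/tcp layout (columns truncated);
# not captured from a real host.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue
   0: 00000000:7A69 00000000:0000 0A 00000000:00000000
   1: 0A0200C0:7A69 0B0200C0:C001 08 00000000:00000000
   2: 0A0200C0:7A69 0B0200C0:C002 08 00000000:00000000
   3: 0A0200C0:7A69 0B0200C0:C003 08 00000000:00000000
   4: 0A0200C0:0016 0C0200C0:D431 01 00000000:00000000
   5: 0A0200C0:0050 0C0200C0:D432 08 00000000:00000000
"""

def stuck_peers(proc_net_tcp, port=LISTEN_PORT):
    """Count CLOSE_WAIT sockets on the local port, keyed by remote IPv4 address."""
    peers = Counter()
    for line in proc_net_tcp.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 4:
            continue
        local_port = int(fields[1].rsplit(":", 1)[1], 16)
        state = int(fields[3], 16)
        if local_port != port or state != CLOSE_WAIT:
            continue
        raw_ip = int(fields[2].split(":")[0], 16)
        # The kernel prints the address as a host-order word;
        # "<I" decodes it correctly on little-endian hosts.
        peers[socket.inet_ntoa(struct.pack("<I", raw_ip))] += 1
    return peers

def slots_exhausted(proc_net_tcp, port=LISTEN_PORT, max_slots=MAX_SLOTS):
    """True when half-closed sockets could occupy every connection slot."""
    return sum(stuck_peers(proc_net_tcp, port).values()) >= max_slots

if __name__ == "__main__":
    # On a live Linux host, pass open("/proc/net/tcp").read() instead of SAMPLE.
    for ip, n in stuck_peers(SAMPLE).items():
        print(f"{ip}: {n} CLOSE_WAIT socket(s) on port {LISTEN_PORT}")
    print("all slots stuck:", slots_exhausted(SAMPLE))
```

Run from cron or a monitoring agent, a True result from slots_exhausted() is
a signal to restart the daemon and to rate-limit or block the listed peers.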

