From: nawoknawok.org
Date: Mon Apr 22 2002 - 00:18:29 CDT


    psyBNC 2.3 DoS / bug


    :: Description

    psyBNC (http://www.psychoid.lam3rz.de/psybnc.html) has a problem dealing with
    oversized passwords, making it possible to tie up all the connection slots and
    consume a lot of CPU on the server.


    :: Exploit

    Create a program to do the following:

    1. connect to the psyBNC daemon
    2. send "irc registration" information, e.g.:

       user a b c d [LF/0x10]
       nick abcd [LF/0x10]

    3. send an oversized password (about 9000++ bytes):

       PASS <oversized password> [LF/0x10]

    4. kill the connection


    This will make psyBNC slowly consume more and more CPU, and the connection
    will not be closed, but kept in state "CLOSE_WAIT".

    In other words, by doing the procedure described above many times (depending
    on the psyBNC configuration, 3 is default) you can lock up all the connection
    slots and make the psyBNC daemon inaccessible for other clients.

    Concerning the CPU usage, when testing this on my own box the usage went from
    0.1% to about 90.0% and the load average went from 0.0 to about 0.72.


    :: Closing words

    Somebody might have discovered this before, but not that I'm aware of. Did
    some searching without any luck. The creator of psyBNC has been contacted.

     - nawok <nawoknawok.org>