Subject: redhat-6.2 snmpd
From: Adam Goryachev (info@wesolveit.com.au)
Date: Fri May 05 2000 - 08:14:21 CDT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Long subject: DoS on ucd-snmp-4.1.1 but I don't know how to find out more.
Details: I have had ucd-snmp installed for some time, and use it so that
mrtg can draw pretty graphs of the interface statistics, and also have had
a home brew script doing a similar thing. This has worked with no problems.
At some point I upgraded the ucd-snmp package to the one which comes from
redhat-6.2 (this is a redhat-6.0 box, but the same occurs on a stock
redhat-6.2 from clean install).
OK, if I do a:
snmpwalk localhost public ip
I get no lines of output, and shortly afterward I get "Timeout: No Response
from localhost". If I watch 'top' I can see that snmpd is now consuming
almost 100% CPU and a fair bit more memory, both of these drop down again
after around 2 minutes. During this time, no other SNMP request will work,
but after it has recovered, it becomes business as usual.
Hence, it seems to me that snmpd is trying to do something it shouldn't, or
somehow getting into some trouble somewhere. BTW, snmpd runs as user root.
Apart from everything else, this seems like a good way to use up a
computer's CPU, and to deny anyone else from talking to an snmp server by
sending a small short snmp request. This assumes the attacker has access to
send valid snmp requests.
I'll send another email when I have time to run through the strace and/or
possibly the source, though I don't know how far I will get due to my
rather limited knowledge.
Adam Goryachev
We Solve IT Pty Ltd
Ph: +61 2 9345 4395 info@wesolveit.com.au
Fax: +61 2 9345 4396 http://www.wesolveit.com.au
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.1 Int. for non-commercial use
<http://www.pgpinternational.com>
iQA/AwUBORI8jgGNJgXrV/C3EQIgigCgzwCjcQklftgce3f5sR7/SL8voD4AoMpf
2saGHYUrm5E6OGqcw4yu/sXV
=GLho
-----END PGP SIGNATURE-----