psyBNC 2.3 DoS / bug

From: nawokat_private
Date: Sun Apr 21 2002 - 22:18:29 PDT

:: Description

psyBNC (http://www.psychoid.lam3rz.de/psybnc.html) has a problem dealing with oversized passwords, making it possible to tie up all the connection slots and consume a lot of CPU on the server.
    
    
:: Exploit

Create a program to do the following:

1. connect to the psyBNC daemon
2. send "irc registration" information, e.g.:

   user a b c d [LF/0x10]
   nick abcd [LF/0x10]

3. send an oversized password (about 9000++ bytes):

   PASS <oversized password> [LF/0x10]

4. kill the connection
    
    
This will make psyBNC slowly consume more and more CPU, and the connection will not be closed, but kept in state "CLOSE_WAIT".
    
In other words: by doing the procedure described above many times (depending on the psyBNC configuration, 3 is default) you can lock up all the connection slots and make the psyBNC daemon inaccessible for other clients.
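What the steps above abuse is a missing size bound in the registration handshake. As an added example, not psyBNC's own code, here is a size-bounded parser for the USER / NICK / PASS lines that rejects an overlong line or password the moment it arrives, so a 9000-byte PASS is never buffered or processed. It assumes the RFC 1459 message limit of 512 bytes (the line terminator is LF, byte 0x0A, optionally preceded by CR), a 128-byte password cap chosen for the example, and class and function names that are its own.

```python
"""Bounded parsing of the IRC registration lines (USER / NICK / PASS).

Added example, not psyBNC code: it shows the server-side limit that the
advisory implies is missing. The parser reads one line at a time, refuses
any line longer than the IRC message limit and caps the PASS parameter.
MAX_LINE is the RFC 1459 limit; MAX_PASS and the names below are this
example's own assumptions.
"""

MAX_LINE = 512   # RFC 1459: a message is at most 512 bytes including CRLF
MAX_PASS = 128   # assumed cap for a bouncer password; tune per deployment


class RegistrationError(Exception):
    """Raised when a client breaks the registration limits."""


class Registration:
    """Incremental, size-bounded parser for one client's registration."""

    def __init__(self, max_line=MAX_LINE, max_pass=MAX_PASS):
        self.max_line = max_line
        self.max_pass = max_pass
        self._buf = bytearray()
        self.user = None
        self.nick = None
        self.password = None

    def feed(self, data: bytes) -> None:
        """Consume bytes as they arrive from the socket.

        Lines end in LF (0x0A), optionally preceded by CR.  Raises
        RegistrationError on the first overlong line or password; the
        caller's response is to close the connection.
        """
        self._buf += data
        while True:
            line, sep, rest = self._buf.partition(b"\n")
            if not sep:
                break
            self._buf = bytearray(rest)
            if len(line) + 1 > self.max_line:
                raise RegistrationError("line longer than %d bytes" % self.max_line)
            self._handle(line.rstrip(b"\r"))
        # A line that has not terminated yet must not grow without bound either.
        if len(self._buf) > self.max_line:
            raise RegistrationError("unterminated line longer than %d bytes" % self.max_line)

    def _handle(self, line: bytes) -> None:
        """Dispatch one registration command; other commands are ignored here."""
        parts = line.split(b" ", 1)
        cmd = parts[0].upper()
        arg = parts[1] if len(parts) > 1 else b""
        if arg.startswith(b":"):          # IRC trailing-parameter syntax
            arg = arg[1:]
        if cmd == b"USER":
            self.user = arg.split(b" ", 1)[0]
        elif cmd == b"NICK":
            self.nick = arg.split(b" ", 1)[0]
        elif cmd == b"PASS":
            if len(arg) > self.max_pass:
                raise RegistrationError("password longer than %d bytes" % self.max_pass)
            self.password = arg


def run_registration(chunks, max_line=MAX_LINE, max_pass=MAX_PASS):
    """Feed received chunks in order and report the outcome.

    Returns ("accepted", nick) once USER and NICK were both seen,
    ("rejected", reason) if a limit was hit, or ("incomplete", None).
    """
    reg = Registration(max_line, max_pass)
    try:
        for chunk in chunks:
            reg.feed(chunk)
    except RegistrationError as exc:
        return "rejected", str(exc)
    if reg.user is not None and reg.nick is not None:
        return "accepted", reg.nick
    return "incomplete", None


if __name__ == "__main__":
    # Constructed inputs: a normal client, then the oversized-password
    # pattern from the advisory, then a stream that never terminates its line.
    print(run_registration([b"user a b c d\r\n", b"nick abcd\r\n", b"PASS hunter2\r\n"]))
    print(run_registration([b"user a b c d\n", b"nick abcd\n", b"PASS " + b"A" * 9000 + b"\n"]))
    print(run_registration([b"x"] * 600))
```

The two checks are deliberately separate: the line limit stops the 9000-byte case before any parsing happens, and the password cap handles a password that fits in one legal line but is still longer than anything a bouncer needs to store. Because `feed` is called per received chunk, memory held for an unfinished line never exceeds `max_line`.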
    
Concerning the CPU usage, when testing this on my own box the usage went from 0.1% to about 90.0% and the load average went from 0.0 to about 0.72.
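The CLOSE_WAIT state mentioned above is also what an operator can watch for: on the server side it means the peer has already closed its end and the daemon has not yet called close() on the socket. As an added example, not taken from the post, the following script counts connections to the bouncer's port that sit in that state and flags when they alone reach the configured slot count (3 by the post's default). The netstat output, the port 31337 and the helper names are constructed for the example.

```python
"""Count half-closed sessions on a bouncer port from netstat-style output.

Added example, not from the post. Input is the Linux `netstat -an` layout
(proto, recv-q, send-q, local, foreign, state). Sample lines, the port
31337 and the slot count are constructed for this example.
"""

# Constructed sample of `netstat -an` output (not captured from a real host).
SAMPLE_NETSTAT = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:31337           0.0.0.0:*               LISTEN
tcp        0      0 10.0.0.5:31337          192.0.2.10:40210        ESTABLISHED
tcp        1      0 10.0.0.5:31337          192.0.2.11:40211        CLOSE_WAIT
tcp        1      0 10.0.0.5:31337          192.0.2.11:40212        CLOSE_WAIT
tcp        1      0 10.0.0.5:31337          192.0.2.12:40213        CLOSE_WAIT
tcp        1      0 10.0.0.5:22             192.0.2.13:40214        CLOSE_WAIT
udp        0      0 0.0.0.0:123             0.0.0.0:*
"""


def parse_tcp_lines(text):
    """Yield (local_port, remote_addr, state) for each TCP line in netstat output."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 6 or not fields[0].startswith("tcp"):
            continue                      # headers, UDP sockets, blank lines
        local, remote, state = fields[3], fields[4], fields[5]
        try:
            port = int(local.rsplit(":", 1)[1])
        except (IndexError, ValueError):
            continue
        yield port, remote, state


def count_close_wait(text, local_port):
    """Number of connections to local_port that the peer closed but we did not."""
    return sum(1 for port, _, state in parse_tcp_lines(text)
               if port == local_port and state == "CLOSE_WAIT")


def slots_exhausted(text, local_port, slots):
    """True when the stuck connections alone can hold every client slot."""
    return count_close_wait(text, local_port) >= slots


if __name__ == "__main__":
    import sys
    # Read real output from a pipe if one is attached, else use the sample.
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_NETSTAT
    port, slots = 31337, 3        # assumed listening port; 3 slots is the post's default
    n = count_close_wait(text, port)
    print("CLOSE_WAIT connections on port %d: %d" % (port, n))
    if slots_exhausted(text, port, slots):
        print("all %d slots can be held by stuck connections" % slots)
```

Run it as `netstat -an | python close_wait_check.py` (file name assumed) on the bouncer host; a count that stays at or above the slot limit for more than a few seconds is the symptom the post describes, since a healthy daemon leaves CLOSE_WAIT almost immediately by closing its side.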
    
    
:: Closing words

Somebody might have discovered this before, but not that I'm aware of. Did some searching without any luck. The creator of psyBNC has been contacted.
    
 - nawok <nawokat_private>
    



This archive was generated by hypermail 2b30 : Mon Apr 22 2002 - 14:31:23 PDT