[Pkg-utopia-maintainers] Bug#614785: Bug#614785: avahi-daemon uses 100% of cpu when scanned with nmap (DoS possible?)
Michael Biebl
biebl at debian.org
Wed Feb 23 12:58:25 UTC 2011
On 23.02.2011 13:36, Alexander Kurtz wrote:
> Package: avahi-daemon
> Version: 0.6.27-2
> Tags: security
> Severity: critical
> Justification: Introduces possible denial-of-service scenario.
>
> Hi,
>
> when I scan my server from another machine on the network using nmap, I
> get this:
>
> # nmap -sU -p5353 192.168.2.2
>
> Starting Nmap 5.00 ( http://nmap.org ) at 2011-02-23 13:15 CET
> Interesting ports on 192.168.2.2:
> PORT STATE SERVICE
> 5353/udp open|filtered zeroconf
> MAC Address: XX:XX:XX:XX:XX:XX (Netgear)
>
> Nmap done: 1 IP address (1 host up) scanned in 0.50 seconds
> #
>
> As soon as the scan starts, avahi-daemon on the server starts running
> amok, top shows this:
>
> PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
> 5535 avahi 20 0 33884 1600 1280 R 100 0.0 2:28.47 avahi-daemon
>
> Restarting avahi-daemon is not possible:
>
> # /etc/init.d/avahi-daemon restart
> Restarting Avahi mDNS/DNS-SD Daemon: avahi-daemonFailed to kill daemon: Timer expired
> .
> #
>
> Simply terminating the process doesn't work either:
>
> # ps -Af | grep avahi-daemon
> avahi 5535 1 87 13:14 ? 00:04:43 avahi-daemon: running [server.local]
> avahi 5536 5535 0 13:14 ? 00:00:00 avahi-daemon: chroot helper
> root 5610 5581 0 13:20 pts/2 00:00:00 grep avahi-daemon
> # kill 5535
> # ps -Af | grep avahi-daemon
> avahi 5535 1 88 13:14 ? 00:05:02 avahi-daemon: running [server.local]
> avahi 5536 5535 0 13:14 ? 00:00:00 avahi-daemon: chroot helper
> root 5614 5581 0 13:20 pts/2 00:00:00 grep avahi-daemon
> #
>
> Forcibly killing the process works:
>
> # kill -9 5535
> # ps -Af | grep avahi-daemon
> root 5629 5581 0 13:23 pts/2 00:00:00 grep avahi-daemon
> #
>
> I don't know what kind of data nmap sends when scanning for open UDP
> ports, but it definitely shouldn't cause avahi-daemon to run amok.
>
> Please note that I have not changed the Avahi configuration in any way,
> so you should be able to reproduce this easily. Please tell me if you
> need any more information!

I was able to reproduce this problem on a squeeze system, but not on unstable.
Can you confirm that?

Michael
--
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?