#######################################################################

                             Luigi Auriemma

Application:  RSniff (Remote Sniff)
              http://www.cse.sc.edu/~madamanc/projects.html
Versions:     1.0
Platforms:    Linux
Bug:          Denial of Service
Exploitation: remote
Date:         09 Apr 2004
Author:       Luigi Auriemma
              e-mail: aluigi@autistici.org
              web:    aluigi.org

#######################################################################

1) Introduction
2) Bug
3) The Code
4) Fix

#######################################################################

===============
1) Introduction
===============

Rsniff is a remote sniffer for Linux written by Rajesh Kumar Madamanchi.

#######################################################################

======
2) Bug
======

It is enough to look at the following code in server.c:

153         {
154           printf ("RSniff Server: Authentication failed!\n");
155           continue;
156         }

This code runs when a client connects to the Rsniff server and sends a
command that is not AUTHENTICATE (a 32-bit number equal to zero) or,
more simply, closes the connection without sending any data.
The result is that the binding loop restarts, so the socket is created
again BUT the old socket is not closed.
After 1024 connections the server runs out of available file
descriptors and cannot accept new clients.

#######################################################################

===========
3) The Code
===========

http://aluigi.org/poc/emptyconn.zip

#######################################################################

======
4) Fix
======

Just add "close (new_sockfd);" at line 156:

153         {
154           printf ("RSniff Server: Authentication failed!\n");
155           close (new_sockfd);  /* PATCH */
156           continue;
157         }

Rajesh has been contacted and will release a new version soon.

#######################################################################
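The descriptor leak on the failed-authentication path and the effect of the fix, modelled as an added example that is not code from RSniff or from the advisory. It assumes a local socketpair() standing in for the accepted connection; open_fds() and leaked_after() are hypothetical helper names, and only AUTHENTICATE and new_sockfd come from the advisory.

```c
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

#define AUTHENTICATE 0u   /* 32-bit command value named in the advisory */

/* Count descriptors currently open in this process (bounded scan, an assumption). */
static int open_fds(void)
{
    int n = 0;
    for (int fd = 0; fd < 4096; fd++)
        if (fcntl(fd, F_GETFD) != -1)
            n++;
    return n;
}

/* Serve `clients` simulated connections that close without sending data.
 * Returns how many descriptors the server side leaked. */
int leaked_after(int clients, int patched)
{
    int before = open_fds();
    for (int i = 0; i < clients; i++) {
        int sv[2];
        if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) == -1)
            break;                      /* descriptor table exhausted */
        int new_sockfd = sv[0];         /* stands in for the accepted socket */
        close(sv[1]);                   /* client disconnects, sends nothing */

        uint32_t cmd;
        ssize_t got = read(new_sockfd, &cmd, sizeof(cmd));
        if (got != (ssize_t)sizeof(cmd) || cmd != AUTHENTICATE) {
            if (patched)
                close(new_sockfd);      /* the advisory's fix */
            continue;                   /* unpatched: new_sockfd is lost here */
        }
        close(new_sockfd);              /* authenticated session ends */
    }
    return open_fds() - before;
}

int main(void)
{
    printf("unpatched: %d leaked\n", leaked_after(100, 0));
    printf("patched:   %d leaked\n", leaked_after(100, 1));
    return 0;
}
```

Each failed authentication costs the unpatched loop exactly one descriptor, so the process reaches its descriptor limit after a fixed number of such connections; the patched loop stays flat.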