Bug#614785: [Pkg-utopia-maintainers] Bug#614785: avahi-daemon uses 100% of cpu when scanned with nmap (DoS possible?)

Wed, 23 Feb 2011 05:00:19 -0800 

Am 23.02.2011 13:36, schrieb Alexander Kurtz:
> Package: avahi-daemon
> Version: 0.6.27-2
> Tags: security
> Severity: critical
> Justification: Introduces possible denial-of-service scenario.
> 
> Hi,
> 
> when I scan my server from another machine on the network using nmap, I
> get this:
> 
>       # nmap -sU -p5353 192.168.2.2
> 
>       Starting Nmap 5.00 ( http://nmap.org ) at 2011-02-23 13:15 CET
>       Interesting ports on 192.168.2.2:
>       PORT     STATE         SERVICE
>       5353/udp open|filtered zeroconf
>       MAC Address: XX:XX:XX:XX:XX:XX (Netgear)
> 
>       Nmap done: 1 IP address (1 host up) scanned in 0.50 seconds
>       # 
> 
> As soon as the scan starts, avahi-daemon on the server starts running
> amok, top shows this: 
> 
>         PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  COMMAND
>        5535 avahi     20   0 33884 1600 1280 R  100  0.0   2:28.47 
> avahi-daemon
> 
> Restarting avahi-daemon is not possible: 
> 
>       # /etc/init.d/avahi-daemon restart
>       Restarting Avahi mDNS/DNS-SD Daemon: avahi-daemonFailed to kill daemon: 
> Timer expired
>       .
>       #
> 
> Simply terminating the process doesn't work either: 
> 
>       # ps -Af | grep avahi-daemon
>       avahi     5535     1 87 13:14 ?        00:04:43 avahi-daemon: running 
> [server.local]
>       avahi     5536  5535  0 13:14 ?        00:00:00 avahi-daemon: chroot 
> helper
>       root      5610  5581  0 13:20 pts/2    00:00:00 grep avahi-daemon
>       # kill 5535
>       # ps -Af | grep avahi-daemon
>       avahi     5535     1 88 13:14 ?        00:05:02 avahi-daemon: running 
> [server.local]
>       avahi     5536  5535  0 13:14 ?        00:00:00 avahi-daemon: chroot 
> helper
>       root      5614  5581  0 13:20 pts/2    00:00:00 grep avahi-daemon
>       #
> 
> Forcibly killing the process works:
> 
>       # kill -9 5535
>       # ps -Af | grep avahi-daemon
>       root      5629  5581  0 13:23 pts/2    00:00:00 grep avahi-daemon
>       # 
> 
> I don't know what kind of data nmap sends when scanning for open UDP
> ports, but it definitely shouldn't cause avahi-daemon to run amok.
> 
> Please note that I have not changed the Avahi configuration in any way,
> so you should be able to reproduce this easily. Please tell me if you
> need any more information!

I was able to reproduce this problem on a squeeze system, but not on unstable.

Can you confirm that?

Michael
-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?

Attachment: signature.asc
Description: OpenPGP digital signature

Reply via email to