[jboss-jira] [JBoss JIRA] Reopened: (JBREM-1261) Prevent DOS attack on BisocketServerInvoker$SecondaryServerSocketThread

Ron Sigal (JIRA) jira-events at lists.jboss.org
Wed Feb 23 16:51:19 EST 2011 

     [ https://issues.jboss.org/browse/JBREM-1261?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Ron Sigal reopened JBREM-1261:
------------------------------



It turns out that two parts of the fix were omitted:

1. The bound on the number of new threads, and

2. setting the timeout for Socket.read().

> Prevent DOS attack on BisocketServerInvoker$SecondaryServerSocketThread
> -----------------------------------------------------------------------
>
>                 Key: JBREM-1261
>                 URL: https://issues.jboss.org/browse/JBREM-1261
>             Project: JBoss Remoting
>          Issue Type: Bug
>      Security Level: Public(Everyone can see) 
>    Affects Versions: 2.5.3.SP1, 2.2.3.SP3
>            Reporter: Ron Sigal
>            Assignee: Ron Sigal
>             Fix For: 2.5.4, 2.2.3.SP4
>
>
> From the original bug report: 
> Exploiting and thus confirming this vulnerability is extremely simple: Simply
> connect to the bisocket control connection (ie. "telnet <jboss-host>
> <control-connection-port>") without sending any data on the connection. As long
> as this connection is open, no clients can connect to the bisocket control port
> because the connections are not accepted at server side.
> The cause of this vulnerability is found in method
> org.jboss.remoting.transport.bisocket.BisocketServerInvoker$SecondaryServerSocketThread.run(),
> which contains the accept-loop for the bisocket control connection. After
> having accepted a connection, the accept loop thread reads from the newly
> created connection expecting the client to send an action code and a listener
> id. If the client sends nothing, the accept loop thread will block in the read
> call, causing no other connections to be accepted.
> To fix, the accept loop thread should not do the read on the new connection.
> Instead it should start a new thread that does the read

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the jboss-jira mailing list