Vigil@nce - OpenBSD 5: denial of service of portmap
December 2012 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can open several connections on the portmap port of
OpenBSD 5.1 and 5.2, in order to stop the service.
Impacted products: OpenBSD
Severity: 2/4
Creation date: 27/11/2012
Revision date: 29/11/2012
DESCRIPTION OF THE VULNERABILITY
The portmap service listens on port 111, and tells clients
where to connect in order to access a requested RPC service.
The src/lib/libc/rpc/svc_tcp.c file of OpenBSD implements RPC.
Since December 2003, it uses poll() instead of select(), and
implements an optimization ("pack svc_pollfd") when there are too
many connections. However, this optimization is incompatible with
the poll() function of the libc from recent OpenBSD versions.
Precise technical details are unknown.
An attacker can therefore open several connections on the portmap
port of OpenBSD 5.1 and 5.2, in order to stop the service.
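An added example (not part of the Vigil@nce bulletin or of OpenBSD): a shell function that spots the condition described above, a remote host holding many TCP connections to the portmap port. It assumes BSD-style `netstat -n -p tcp` output (address.port columns); the function names, the default threshold and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: per-remote-host count of TCP connections to portmap (111).
# Usage on a live host:  netstat -n -p tcp | portmap_conn_report 20
PORTMAP_PORT=111   # port named in the bulletin

# Reads netstat lines on stdin and prints "<count> <remote-host>" for every
# host with at least $1 connections (default 5, an assumed value to tune).
# LISTEN and TIME_WAIT entries are skipped: they are not open client sockets.
portmap_conn_report() {
    min=${1:-5}
    awk -v port="$PORTMAP_PORT" -v min="$min" '
        # BSD netstat prints "address.port"; split at the last dot.
        function host(ap) { sub(/\.[^.]*$/, "", ap); return ap }
        function prt(ap)  { sub(/^.*\./, "", ap);   return ap }
        $1 ~ /^tcp/ && NF >= 6 && $6 != "LISTEN" && $6 != "TIME_WAIT" &&
        prt($4) == port { n[host($5)]++ }
        END { for (h in n) if (n[h] >= min) print n[h], h }
    ' | sort -rn
}

# Constructed sample input (documentation address ranges, not real hosts).
sample_netstat() {
    cat <<'EOF'
Active Internet connections (including servers)
Proto   Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp          0      0  192.0.2.10.111         198.51.100.7.40112     ESTABLISHED
tcp          0      0  192.0.2.10.111         198.51.100.7.40113     ESTABLISHED
tcp          0      0  192.0.2.10.111         198.51.100.7.40114     ESTABLISHED
tcp          0      0  192.0.2.10.111         198.51.100.7.40115     CLOSE_WAIT
tcp          0      0  192.0.2.10.111         203.0.113.20.51822     ESTABLISHED
tcp          0      0  192.0.2.10.111         203.0.113.9.51000      TIME_WAIT
tcp          0      0  192.0.2.10.22          198.51.100.7.50022     ESTABLISHED
tcp          0      0  *.111                  *.*                    LISTEN
EOF
}
```

On the sample, `sample_netstat | portmap_conn_report 3` reports only 198.51.100.7, with four connections.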
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/OpenBSD-5-denial-of-service-of-portmap-12188