Bug#776424: [kgb-maintainers] Bug#776424: can be crashed by some network traffic

2019-02-01 Thread Joey Hess
Moritz Mühlenhoff wrote:
> What's the status, did this re-occur with current versions, like
> the one in testing?

I know I saw the problem several times in 2018, on an unstable system,
exact versions unknown.

I've moved the server to a different host and have not seen it in the
couple of months since then, at least.

-- 
see shy jo


signature.asc
Description: PGP signature



2019-01-31 Thread Moritz Mühlenhoff
On Wed, Apr 05, 2017 at 01:38:08PM -0400, Joey Hess wrote:
> Antoine Beaupre wrote:
> > Joey, did you manage to reproduce this issue without an external
> > attacker? Can you still reproduce in 1.34?
> 
> Just saw the issue again with 1..34-2

What's the status, did this re-occur with current versions, like
the one in testing?

Cheers,
Moritz




2017-04-05 Thread Joey Hess
Antoine Beaupre wrote:
> Joey, did you manage to reproduce this issue without an external
> attacker? Can you still reproduce in 1.34?

Just saw the issue again with 1..34-2

-- 
see shy jo


signature.asc
Description: PGP signature



2017-02-28 Thread Antoine Beaupre
On Sun, Feb 08, 2015 at 06:01:14PM +, Damyan Ivanov wrote:
> -=| Joey Hess, 27.01.2015 18:00:11 -0400 |=-
> > Source: kgb-bot
> > Version: 1.33-2
> > Severity: important
> > Tags: security
> > 
> > 2015.01.19 18:08:39: Listening on http://0.0.0.0:?session=KGB
> > 2015.01.19 18:08:43: Connected to freenode (holmes.freenode.net)
> > 2015.01.19 18:08:43: Joining #commits...
> > 2015.01.19 18:08:43: Connected to oftc (graviton.oftc.net)
> > 2015.01.19 18:08:43: Joining #ikiwiki #vcs-home #git-annex...
> > Did not get DONE/CLOSE event for Wheel ID 73 from IP 222.186.34.155 at
> > /usr/share/perl5/POE/Component/Server/SimpleHTTP.pm line 221.
> > I had a problem posting to event Got_Request of session SOAPServer for
> > DIR handler '.*'. As reported by Kernel: 'No such file or directory',
> > perhaps the session name is spelled incorrectly for this handler? at
> > /usr/share/perl5/POE/Session.pm line 483.
> 
> Tincho, can you have a look? I'm afraid POE internals are a mystery to 
> me.
> 
> A way to reproduce the problem would certainly help too.
> 
> > This has happened to me twice now, and it takes the bot down.
> > 
> > root@elephant:/home/joey>systemctl  status kgb-bot.service 
> > ● kgb-bot.service - LSB: Collaborative IRC helper
> >Loaded: loaded (/etc/init.d/kgb-bot)
> >Active: active (exited) since Mon 2015-01-19 14:08:39 JEST; 1 weeks 1 
> > days ago
> >   Process: 26584 ExecReload=/etc/init.d/kgb-bot reload (code=exited, 
> > status=0/SUCCESS)
> > 
> > Jan 26 03:57:27 elephant kgb-bot[26584]: Reloading Collaborative IRC 
> > helper: kgb-bot.
> > 
> > systemd thinks the service is running ok, but the daemon has in fact 
> > crashed or
> > exited because of the event logged above. Both "service kbg-bot start" and
> > "systemctl start kgb-bot" do nothing. I have to "service kgb-bot stop" to 
> > get
> > out of this state. (It seems that this could stand to be improved, by eg,
> > writing a systemd service file that doesn't let the daemon fork, so systemd
> > can handle logging and know when the process has exited.)
> 
> This is easy to fix, as the bot has a --foreground parameter.
> 
> > Here's the log from the previous time it happened:
> > 
> > 2015.01.15 23:05:33: Connected to freenode (wolfe.freenode.net)
> > 2015.01.15 23:05:33: Joining #commits...
> > Did not get DONE/CLOSE event for Wheel ID 1089 from IP 222.186.34.155 at 
> > /usr/share/perl5/POE/Component/Server/SimpleHTTP.pm line 221.
> > I had a problem posting to event Got_Request of session SOAPServer for DIR 
> > handler '.*'. As reported by Kernel: 'No such file or directory', perhaps 
> > the session name is spelled incorrectly for this handler? at 
> > /usr/share/perl5/POE/Session.pm line 483.
> > 
> > I don't know the IP 222.186.34.155. I assume it is trying to exploit my
> > server with its DIR .*
> 
> "DIR .*" is a red herring here. The SOAP service registers a HTTP 
> handler for all paths, expressed as ".*" (AIUI).

I am not sure, but it seems to me the "DONE/CLOSE" message is also a red
herring: at that point, the server is already shutting down for some
other reason - probably the "No such file or directory" error?

> > Since this appears to be at least a DOS, I've tagged the bug as 
> > a minor security issue.

So far, this was marked as "no-dsa" by the security team in jessie
because it is considered to be a "minor issue"... 

Is there a workaround for this? Did we fix the .service file to
automatically restart the bot? Since it's pretty much stateless, it
would seem to be okay to recover from those problems immediately, unless
the attacker makes a deliberate attempt at DOS in which case that
workaround wouldn't really be effective.

I tried to figure out what's going on in the source code, but I'm not
familiar with POE either, and I'm not sure I should spend more time on
this without a POC.

Joey, did you manage to reproduce this issue without an external
attacker? Can you still reproduce in 1.34?

We would probably need a HTTP trace at this point to reproduce the exact
HTTP request sent that makes KGB crash... 

Since there's no upstream fix yet, I have marked this as no-dsa for
Wheezy LTS as well.

A.


signature.asc
Description: PGP signature



2015-02-13 Thread Martín Ferrari
Hi!

On 08/02/15 18:01, Damyan Ivanov wrote:

> Tincho, can you have a look? I'm afraid POE internals are a mystery to 
> me.
> 
> A way to reproduce the problem would certainly help too.

Sorry, I forgot about this issue.

I will try to take a look. But without some way of reproducing it'll be
hard.. Sadly KGB is pretty bad at logging, so not much can be gathered
from past logs..


> Putting debug: 1 in /etc/kgb-bot/kgb.conf will turn on debugging 
> (and excessive logging). Perhaps that can give more clues the next 
> time the crash happens.

Joey, did this gather anything interesting?


-- 
Martín Ferrari (Tincho)






2015-02-08 Thread Damyan Ivanov
-=| Joey Hess, 27.01.2015 18:00:11 -0400 |=-
> Source: kgb-bot
> Version: 1.33-2
> Severity: important
> Tags: security
> 
> 2015.01.19 18:08:39: Listening on http://0.0.0.0:?session=KGB
> 2015.01.19 18:08:43: Connected to freenode (holmes.freenode.net)
> 2015.01.19 18:08:43: Joining #commits...
> 2015.01.19 18:08:43: Connected to oftc (graviton.oftc.net)
> 2015.01.19 18:08:43: Joining #ikiwiki #vcs-home #git-annex...
> Did not get DONE/CLOSE event for Wheel ID 73 from IP 222.186.34.155 at
> /usr/share/perl5/POE/Component/Server/SimpleHTTP.pm line 221.
> I had a problem posting to event Got_Request of session SOAPServer for
> DIR handler '.*'. As reported by Kernel: 'No such file or directory',
> perhaps the session name is spelled incorrectly for this handler? at
> /usr/share/perl5/POE/Session.pm line 483.

Tincho, can you have a look? I'm afraid POE internals are a mystery to 
me.

A way to reproduce the problem would certainly help too.

> This has happened to me twice now, and it takes the bot down.
> 
> root@elephant:/home/joey>systemctl  status kgb-bot.service 
> ● kgb-bot.service - LSB: Collaborative IRC helper
>    Loaded: loaded (/etc/init.d/kgb-bot)
>    Active: active (exited) since Mon 2015-01-19 14:08:39 JEST; 1 weeks 1 days 
> ago
>   Process: 26584 ExecReload=/etc/init.d/kgb-bot reload (code=exited, 
> status=0/SUCCESS)
> 
> Jan 26 03:57:27 elephant kgb-bot[26584]: Reloading Collaborative IRC helper: 
> kgb-bot.
> 
> systemd thinks the service is running ok, but the daemon has in fact crashed 
> or
> exited because of the event logged above. Both "service kbg-bot start" and
> "systemctl start kgb-bot" do nothing. I have to "service kgb-bot stop" to get
> out of this state. (It seems that this could stand to be improved, by eg,
> writing a systemd service file that doesn't let the daemon fork, so systemd
> can handle logging and know when the process has exited.)

This is easy to fix, as the bot has a --foreground parameter.

> Here's the log from the previous time it happened:
> 
> 2015.01.15 23:05:33: Connected to freenode (wolfe.freenode.net)
> 2015.01.15 23:05:33: Joining #commits...
> Did not get DONE/CLOSE event for Wheel ID 1089 from IP 222.186.34.155 at 
> /usr/share/perl5/POE/Component/Server/SimpleHTTP.pm line 221.
> I had a problem posting to event Got_Request of session SOAPServer for DIR 
> handler '.*'. As reported by Kernel: 'No such file or directory', perhaps the 
> session name is spelled incorrectly for this handler? at 
> /usr/share/perl5/POE/Session.pm line 483.
> 
> I don't know the IP 222.186.34.155. I assume it is trying to exploit my
> server with its DIR .*

"DIR .*" is a red herring here. The SOAP service registers a HTTP 
handler for all paths, expressed as ".*" (AIUI).

> Since this appears to be at least a DOS, I've tagged the bug as 
> a minor security issue.

Thanks.

Putting debug: 1 in /etc/kgb-bot/kgb.conf will turn on debugging 
(and excessive logging). Perhaps that can give more clues the next 
time the crash happens.


-- dam


signature.asc
Description: Digital signature
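
An added example, not part of any message in this thread and not kgb-bot code: a small Python triage script that pairs the two untimestamped messages quoted in the report and records the client IP, the POE wheel ID and the last timestamp logged before them. The sample log is constructed from the lines quoted in the report plus one made-up entry from 192.0.2.7; the function and field names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample: lines quoted in the report, plus one made-up entry
# (192.0.2.7) whose connection message is not followed by a dispatch error.
SAMPLE_LOG = """\
2015.01.19 18:08:43: Connected to oftc (graviton.oftc.net)
2015.01.19 18:08:43: Joining #ikiwiki #vcs-home #git-annex...
Did not get DONE/CLOSE event for Wheel ID 73 from IP 222.186.34.155 at
/usr/share/perl5/POE/Component/Server/SimpleHTTP.pm line 221.
I had a problem posting to event Got_Request of session SOAPServer for
DIR handler '.*'. As reported by Kernel: 'No such file or directory',
perhaps the session name is spelled incorrectly for this handler? at
/usr/share/perl5/POE/Session.pm line 483.
2015.01.20 09:00:00: Connected to freenode (wolfe.freenode.net)
Did not get DONE/CLOSE event for Wheel ID 12 from IP 192.0.2.7 at
/usr/share/perl5/POE/Component/Server/SimpleHTTP.pm line 221.
"""

TS = re.compile(r"^(\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}): ")
WHEEL = re.compile(r"Did not get DONE/CLOSE event for Wheel ID (\d+) from IP (\S+)")
DISPATCH = re.compile(r"I had a problem posting to event (\w+) of session (\w+)")

def pair_events(text):
    """Return one record per DONE/CLOSE message, flagged if a dispatch error follows."""
    events, last_ts, pending = [], None, None
    for raw in text.splitlines():
        line = raw.lstrip("> ").strip()        # tolerate mail-quoted logs
        m = TS.match(line)
        if m:                                  # a normal log line breaks the pairing
            last_ts, pending = m.group(1), None
            continue
        m = WHEEL.search(line)
        if m:                                  # these messages carry no timestamp,
            pending = {"wheel": int(m.group(1)), "ip": m.group(2),
                       "after": last_ts, "dispatch_failed": False}
            events.append(pending)             # so keep the last one seen before them
            continue
        m = DISPATCH.search(line)
        if m and pending:
            pending.update(dispatch_failed=True, event=m.group(1), session=m.group(2))
            pending = None
    return events

def failing_sources(events):
    """Count client IPs whose connection message was followed by a dispatch error."""
    return Counter(e["ip"] for e in events if e["dispatch_failed"])

if __name__ == "__main__":
    for e in pair_events(SAMPLE_LOG):
        print(e)
```
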