Package: yersinia
Version: 0.7.2+svn48+ntohl-1
Severity: important
Tags: patch upstream

yersinia gets stuck in a tight loop when keyboard interaction is required, i.e., calling the ncurses interface (-I) or using the CLI for attacks that are stopped by pressing a key.

It occurs since non-network interfaces are returned by pcap_findalldevs, like nflog or usbmon1. The function interface_init_data() fails but the return code is not tested in interface_init(). It seems that stdin is closed and file descriptor 0 reused for a socket.

The attached patch excludes "nflog" and "usbmonX" devices in addition to "any" and the loopback.

To reproduce the problem:

# yersinia stp -interface eth0 -version 3 -attack 4
<*> Starting NONDOS attack Claiming Root Role...
<*> Press any key to stop the attack <*>

The last process has to be killed to stop.

On wheezy (kernel 3.2) where nflog exists the file descriptors are as follows:

# ls -l /proc/22428/fd/
total 0
lrwx------ 1 root root 64 nov. 29 18:45 0 -> socket:[48001]
lrwx------ 1 root root 64 nov. 29 18:45 1 -> /dev/pts/1
lrwx------ 1 root root 64 nov. 29 18:45 2 -> /dev/pts/1
lrwx------ 1 root root 64 nov. 29 18:45 3 -> /tmp/yersinia.log
lrwx------ 1 root root 64 nov. 29 18:45 4 -> socket:[48004]

=== messages found in yersinia.log
eth0 iflinkname EN10MB
eth0 iflinkdesc Ethernet
eth0 MAC = 0002.55ee.9b5b
nflog iflinkname NFLOG
nflog iflinkdesc Linux netfilter
libnet_init failed on nflog -> libnet_check_iface() ioctl: No such device
th_tty_peer thread = -1250792592...
th_uptime thread = -1242399888
eth0 libnet_handler 921EEE8
Entering command line mode...
attack_launch: -1250792592
Attack thread -1261921424 is born!!
TERM signal received from -1234003360!
g00dbye function called from -1234003360
====

The same command run on squeeze works correctly, file descriptors as normal:

# ls -l /proc/9319/fd
total 0
lrwx------ 1 root root 64 29 nov. 18:36 0 -> /dev/pts/1
lrwx------ 1 root root 64 29 nov. 18:36 1 -> /dev/pts/1
lrwx------ 1 root root 64 29 nov. 18:36 2 -> /dev/pts/1
lrwx------ 1 root root 64 29 nov. 18:36 3 -> /tmp/yersinia.log
lrwx------ 1 root root 64 29 nov. 18:36 4 -> socket:[7997751]
lrwx------ 1 root root 64 29 nov. 18:36 5 -> socket:[7997754]
l-wx------ 1 root root 64 29 nov. 18:36 7 -> pipe:[7959155]

-- System Information:
Debian Release: wheezy/sid
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'testing'), (100, 'stable')
Architecture: i386 (i686)

Kernel: Linux 3.2.0-4-686-pae (SMP w/4 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages yersinia depends on:
ii libatk1.0-0 2.4.0-2
ii libc6 2.13-35
ii libcairo2 1.12.2-2
ii libfontconfig1 2.9.0-7
ii libfreetype6 2.4.9-1
ii libglib2.0-0 2.33.12+really2.32.4-3
ii libgtk2.0-0 2.24.10-2
ii libncurses5 5.9-10
ii libnet1 1.1.4-2.1
ii libpango1.0-0 1.30.0-1
ii libpcap0.8 1.3.0-1

yersinia recommends no packages.

yersinia suggests no packages.

-- no debconf information

Thanks,
--
Michel Casabona
--- interfaces.c-orig 2008-06-06 08:02:13.000000000 +0200 +++ interfaces.c 2012-11-29 20:12:23.157187558 +0100 @@ -145,7 +145,9 @@ while (index) { - if ( (strncmp(index->name,"any",strlen(index->name))) && + if ( (strncmp(index->name,"any",strlen(index->name)) != 0) && + (strncmp(index->name,"nflog",strlen(index->name)) != 0) && + (strncmp(index->name,"usbmon",strlen("usbmon")) != 0) && (index->flags != PCAP_IF_LOOPBACK) ) { if ((iface_data = (struct interface_data *) calloc(1, sizeof(struct interface_data))) == NULL) {
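Review bot: the new "nflog" test, like the "any" test it is modelled on, bounds strncmp by strlen(index->name), so any device whose name is a prefix of the literal (for example "nf", "a", or an empty name) also compares equal and is skipped. An exact match is what is wanted here, so strcmp(index->name, "nflog") != 0 and strcmp(index->name, "any") != 0 would be clearer and correct; the "usbmon" line already uses strlen("usbmon") as the bound, which is the right form for a prefix match. In the unchanged context line, index->flags != PCAP_IF_LOOPBACK compares the whole flags field with one bit, so a loopback device with any other flag set would not be excluded; !(index->flags & PCAP_IF_LOOPBACK) tests the bit itself. The name blocklist also only covers the devices known today: the report notes that the return code of interface_init_data() is not tested in interface_init(), and checking it there would handle any other device that fails to initialise.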