Hi, I found an easily exploitable local denial of service in tcsd due to a segfault.
Steps to reproduce: 10 times $ nc localhost 30003 & Result: # tcsd -f TCSD tcsd_conf.c:98 platform_class_list_append: platform_class_list_append start: TCSD tcsd_conf.c:130 platform_class_list_append: Platform Class Added. TCSD TCS ps/ps_utils.c:511 init_disk_cache: found 13 valid key(s) on disk. TCSD TCS tcsi_caps_tpm.c:43 Entering Get Cap To TPM: 00 C1 00 00 00 12 00 00 00 65 00 00 00 1A 00 00 To TPM: 00 00 ... TCSD TDDL tddl.c:171 Calling write to driver >From TPM: 00 C4 00 00 00 10 00 00 00 00 00 00 00 02 00 00 TCSD svrside.c:493 trousers 0.3.13: TCSD up and running. TCSD svrside.c:531 Waiting for connections TCSD svrside.c:556 accepted socket 7 TCSD svrside.c:531 Waiting for connections TCSD svrside.c:556 accepted socket 8 TCSD svrside.c:531 Waiting for connections TCSD svrside.c:556 accepted socket 9 TCSD svrside.c:531 Waiting for connections TCSD svrside.c:556 accepted socket 10 TCSD svrside.c:531 Waiting for connections TCSD svrside.c:556 accepted socket 11 TCSD svrside.c:531 Waiting for connections TCSD svrside.c:556 accepted socket 12 TCSD svrside.c:531 Waiting for connections TCSD svrside.c:556 accepted socket 13 TCSD svrside.c:531 Waiting for connections TCSD svrside.c:556 accepted socket 14 TCSD svrside.c:531 Waiting for connections TCSD svrside.c:556 accepted socket 15 TCSD svrside.c:531 Waiting for connections TCSD svrside.c:556 accepted socket 16 TCSD svrside.c:531 Waiting for connections TCSD svrside.c:556 accepted socket 17 TCSD ERROR: tcsd_threads.c:114 max number of connections reached (10), new connection from localhost refused. LOG_RETERR TCSD TCS tcsd_threads.c:119: 0x103 Segmentation Fault Expected Result: tcsd continues to work trousers version: TROUSERS_0_3_13 Unfortunately I haven't found time to dig through the code... Thanks, Peter ------------------------------------------------------------------------------ Infragistics Professional Build stunning WinForms apps today! Reboot your WinForms applications with our WinForms controls. Build a bridge from your legacy apps to the future. http://pubads.g.doubleclick.net/gampad/clk?id=153845071&iu=/4140/ostg.clktrk _______________________________________________ TrouSerS-tech mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/trousers-tech
