Skip to content

Instantly share code, notes, and snippets.

@und3f
Created April 20, 2011 11:29
Show Gist options
  • Save und3f/931037 to your computer and use it in GitHub Desktop.
Save und3f/931037 to your computer and use it in GitHub Desktop.
Mojo::IOLoop "workaround" DOS

Issue description

Mojo::IOLoop listens to the random "workaround" port additionally to the "normal" one. Attempt to connect to "workaround" port causes high CPU load and denial of service in some cases (all mojolicious applications that use IOLoop (hypnotoad, mojo daemon, mojo fastcgi, etc…)).

mojolicious/mojo#116

Vulnerable versions

Up to v1.17

How to fix

Update Mojolicious to v1.17 or block all ports greater 30000 with firewall if you can't update because of ruined backward compatibility.

How to reproduce the problem

On the local machine

Start mojolicious application and find the ports opened by the application

% netstat -lnp | grep perl

"Workaround" usually opens the port greater than 30000.

Then connect to the "workaround" port

% nc localhost 31342
% top

Watch out. It can freeze your computer.

On the remote machine

Attacker can exploit vulnerability remotely.

% nmap -p30000-60000 -T4 -sS 

nmap will find all the ports opened by the "workaround". When port is found, follow the same procedure as for the local machine.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment