Home
My Page
Projects
OpenVAS

[#1066] ssh_login_or_reuse_connection() caused different Problems.

Date:
2009-07-21 12:00
Priority:
3
State:
Open
Submitted by:
Michael Meyer (mime)
Assigned to:
Nobody (None)
Architecture:
32 bits
Product:
OpenVAS
Operating System:
Linux
Component:
None
Version:
None
Severity:
normal
Resolution:
None
Hardware:
PC
URL:
 
Summary:
ssh_login_or_reuse_connection() caused different Problems.

Detailed description
Server-Environment 1:

Linux kira 2.6.26-gentoo #1 Sat Jul 19 14:04:50 CEST 2008 i686 AMD Athlon(tm) XP AuthenticAMD GNU/Linux

Gentoo 32bit



openvas-libraries 2.0.3

openvas-libnasl 2.0.1

openvas-server 2.0.2

openvas-plugins 1.0.7



All from Source.



Server-Environment 2:



Linux cody 2.6.22.19-0.2-default #1 SMP 2008-12-18 10:17:03 +0100 i686 i686 i386 GNU/Linux

openSUSE 10.3 32bit



openvas-libraries 2.0.3

openvas-libnasl 2.0.1

openvas-server 2.0.2

openvas-plugins 1.0.7



All from Source.



Client-Configuration:



checks to perform concurrently = 1

The only activated Plugin is "secpod_apache_apr-utils_detect.nasl".

Dependencies = Enable at runtime





Problem Server-Environment 1:



[Tue Jul 21 13:33:45 2009][27236] user mime : launching http_version.nasl against 192.168.1.2 [27316]

[Tue Jul 21 13:33:45 2009][27236] http_version.nasl (process 27316) finished its job in 0.044 seconds

[Tue Jul 21 13:33:45 2009][27236] user mime : launching secpod_apache_apr-utils_detect.nasl against 192.168.1.2 [27319]



==> /opt/openvas-2.0.2/var/log/openvas/openvasd.dump <==

Could not realloc() a pointer of size 1919116628 !



==> /opt/openvas-2.0.2/var/log/openvas/openvasd.messages <==

[Tue Jul 21 13:35:45 2009][27236] shared_socket: Secret/SSH/socket is unknown

[Tue Jul 21 13:35:45 2009][27236] process_internal_msg for secpod_apache_apr-utils_detect.nasl returned -1

[Tue Jul 21 13:35:45 2009][25756] user mime : test complete

[Tue Jul 21 13:35:45 2009][25756] Total time to scan all hosts : 145 seconds

[Tue Jul 21 13:35:45 2009][25756] user mime : Kept alive connection





Problem Server-Environment 2:



[Tue Jul 21 09:54:21 2009][5386] shared_socket: Secret/SSH/socket is unknown

[Tue Jul 21 09:54:21 2009][5386] process_internal_msg for secpod_apache_apr-utils_detect.nasl returned -1

[Tue Jul 21 09:56:21 2009][5386] Process 5445 seems to have died too early

[Tue Jul 21 09:56:21 2009][5386] process_internal_msg for secpod_apache_apr-utils_detect.nasl returned -1

[Tue Jul 21 09:56:21 2009][5386] Finished testing 192.168.1.2. Time : 256.29 secs

[Tue Jul 21 09:56:21 2009][4968] user mime : test complete

[Tue Jul 21 09:56:21 2009][4968] Total time to scan all hosts : 256 seconds



Process 5445 is secpod_apache_apr-utils_detect.nasl..



This happens when "ssh_login_or_reuse_connection()" is called by secpod_apache_apr-utils_detect.nasl *and* there is more than one HTTPD listen.

The Scan-Target has an Apache and a Squid/Cups running. If i shut down one of them, so that only one HTTPD is listen, there is no problem.



Problem seems to be somewhere around "function ssh_reuse_connection()" from ssh_func.inc.



If i commented out



#soc = shared_socket_acquire("Secret/SSH/socket");



#if ( reuse_connection_init() < 0 )

# {

# _reuse_connection = 0;

# return 0;

# }



problem is gone.



if i only commented out



#soc = shared_socket_acquire("Secret/SSH/socket");



the problem remains.



if i only commented out



#if ( reuse_connection_init() < 0 )

# {

# _reuse_connection = 0;

# return 0;

# }



the problem remains.









Followup

Message
Date: 2009-07-22 11:54
Sender: Michael Meyer

Same problem exist in secpod_proftpd_server_detect.nasl when multiple FTPD listen. Maybe there are more Plugins affected.
Date: 2009-07-22 10:38
Sender: Chandrashekhar B

When the scripts are forked when multiple ports are involved, ssh_login_reuse() will be called multiple times and that seems to create problem.

Removed the HTTP checks, doing only local check. Committed to svn.
Date: 2009-07-22 07:55
Sender: Michael Meyer

No ;-)

For testing:

sock = ssh_login_or_reuse_connection();
display("DONE\n");

"Done" is never reached...
Date: 2009-07-22 07:28
Sender: Felix Wolfsteller

Does it work when you comment out the close_ssh_connection in secpod_apache_apr-utils_detect.nasl (last line I think)?
Date: 2009-07-21 13:16
Sender: Michael Meyer

Forgotten 2:

Of course i have *no* local checks configured. No Username/Pass and no SSH-Key.
Date: 2009-07-21 12:27
Sender: Michael Meyer

Forgotten:

After 'Could not realloc() and '[Tue Jul 21 14:29:49 2009][27652] user mime : test complete':

ps auxwww

root 27652 2.6 3.3 20960 17496 ? Ss 14:24 0:08 openvasd: serving 127.0.0.1
root 27758 0.0 3.8 24112 19708 ? S 14:27 0:00 openvasd: testing 192.168.1.2 (/opt/openvas-2.0.2/lib/openvas/plugins/secpod_apache_apr-utils_detect.nasl)
root 27760 0.0 3.7 24112 19540 ? S 14:29 0:00 openvasd: testing 192.168.1.2 (/opt/openvas-2.0.2/lib/openvas/plugins/secpod_apache_apr-utils_detect.nasl)




Attached Files:

Changes:

No Changes Have Been Made to This Item


This site is hosted by Intevation GmbH