In POSIX environments, when the GnuTLS library is used together with the pthread library (the default), a resource leak exists.
This vulnerability can be exploited from the network as a denial-of-service (DoS) attack. There is no breach of data confidentiality or
data integrity. This vulnerability was discovered by the author. The vulnerability is fixed in the CVS repository.
The file "params.h" defines the preprocessor constant "DH_RSA_REGENERATION_NUM_SECS", which defaults to
12 hours, and "DH_RSA_REGENERATION_NUM_TRANSACTIONS", which defaults to 500. These two constants
are used only when the bot is compiled to use the GnuTLS library, and they control how often the RSA and DH parameters are
regenerated: every 12 hours, or every 500 SSL connections, whichever comes first.
In the file "ssl.cpp" the pthread_join() API call after the regeneration thread ended was missing, so each finished thread was never reclaimed. This can be exploited by malicious
local or remote users from the network, who connect and subsequently disconnect many times to an SSL-enabled listening
On Linux, the bot's process consumes on each RSA and DH parameter regeneration approximately 20 kilobytes of physical
memory (RSS) for the thread stack, and 8 megabytes of virtual memory (the default stack size for a new thread on Linux).
On other POSIX systems these values may vary.
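The following is an added illustration of the leak pattern and its fix; it is not code from the bot's "ssl.cpp". The worker function, the function names regenerate_leaky()/regenerate_joined()/regenerate_detached() and the vm_size_kb() helper are hypothetical stand-ins for the real RSA/DH regeneration thread. The vulnerable variant creates a joinable thread and never joins it, so the thread's stack mapping and descriptor are kept until process exit; the fixed variants either join the thread or create it detached so the system releases those resources when the thread exits.

```c
#include <pthread.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the RSA/DH parameter regeneration work:
   it only bumps a counter so that completion is observable. */
static void *regenerate_params(void *arg)
{
    int *done = arg;
    (*done)++;
    return NULL;
}

/* Vulnerable pattern described in the advisory: the worker thread is
   created joinable and is never joined after it exits, so its stack
   mapping and thread descriptor are never released. Each regeneration
   leaks one thread's worth of memory (about 8 MB of virtual address
   space on Linux, per the advisory). */
int regenerate_leaky(int *done)
{
    pthread_t tid;
    if (pthread_create(&tid, NULL, regenerate_params, done) != 0)
        return -1;
    /* BUG: no pthread_join(tid, NULL); the thread's resources leak. */
    return 0;
}

/* Fixed pattern: join the thread once its work is finished. This
   reclaims the stack and descriptor and also tells the caller that
   the regeneration really completed. */
int regenerate_joined(int *done)
{
    pthread_t tid;
    if (pthread_create(&tid, NULL, regenerate_params, done) != 0)
        return -1;
    if (pthread_join(tid, NULL) != 0)
        return -1;
    return 0;
}

/* Alternative fix when nobody needs the thread's result: create it
   detached, so the system frees its resources as soon as it exits.
   The counter must outlive the thread (e.g. static storage). */
int regenerate_detached(int *done)
{
    pthread_t tid;
    pthread_attr_t attr;
    int rc;
    if (pthread_attr_init(&attr) != 0)
        return -1;
    pthread_attr_setdetachstate(&attr, PTHREAD_CREATE_DETACHED);
    rc = pthread_create(&tid, &attr, regenerate_params, done);
    pthread_attr_destroy(&attr);
    return rc == 0 ? 0 : -1;
}

/* Linux-only helper to observe the leak: the process's current VmSize
   in kB from /proc/self/status, or -1 where /proc is unavailable. */
long vm_size_kb(void)
{
    FILE *f = fopen("/proc/self/status", "r");
    char line[256];
    long kb = -1;
    if (!f)
        return -1;
    while (fgets(line, sizeof line, f)) {
        if (strncmp(line, "VmSize:", 7) == 0) {
            sscanf(line + 7, "%ld", &kb);
            break;
        }
    }
    fclose(f);
    return kb;
}

int main(void)
{
    static int done = 0;
    int i;
    long before, after;

    before = vm_size_kb();
    for (i = 0; i < 50; i++)
        regenerate_leaky(&done);
    after = vm_size_kb();
    printf("leaky:  VmSize grew by %ld kB over 50 regenerations\n", after - before);

    before = vm_size_kb();
    for (i = 0; i < 50; i++)
        regenerate_joined(&done);
    after = vm_size_kb();
    printf("joined: VmSize grew by %ld kB over 50 regenerations\n", after - before);
    return 0;
}
```

Build with `cc -pthread leak.c -o leak` and run it on Linux: the leaky loop shows VmSize growing by roughly one default thread stack per iteration, while the joined loop stays flat because the C library reuses the reclaimed stack. The same VmSize growth, read from /proc/<pid>/status of the bot process while SSL clients connect and disconnect, is a practical way for an operator to confirm the leak before the fix is applied.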
The workaround is to not use SSL listening sockets, by removing the particular SSL-enabled server-creation commands
and functions from the configuration file "logic.txt" (see documentation).
Either export a fresh source tree from the CVS repository or apply the following patch:
2008-09-03 - Memory resources increase investigation.
2008-09-03 - Discovery of bug.
2008-09-04 - Public disclosure.
2009-01-25 - Appended RCS ID
2009-01-25 - Made persistent URL of this advisory clickable (hyperlink)
2009-03-26 - Changed sf.net logo at the bottom of this page
Some names used in this document may be registered trademarks of their respective owners.