Monero: monerod JSON RPC server remote DoS
Discription

Monero daemon (monerod) does not limit Content-length variable when processing incoming HTTP requests.
We can force monerod to allocate arbitrary amount of memory.

How to reproduce:
1) compile monero https://github.com/monero-project/monero
2) run it:
$ ulimit -Sv 1000000000
$ ./bin/monerod –rpc-login test:test –rpc-bind-ip 0.0.0.0 –confirm-external-bind

3) run attached script m1.py
$ python2 ./m1.py 192.168.1.34

4) after some time OOM killer will stop monerod

## Impact

monerod process can be stopped remotely, no authentication is required.
An access to JSON RPC port is enough.Read More

Back to Main

Subscribe for the latest news: