Bug#481655: ksmserver crashes on some generic nmap scans
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Package: kdebase-workspace-bin
Version: 4:4.0.72-1
Severity: grave
Hello,
as discussed on the IRC channel, here's the IRC log of the bug
discussion (cut out all unnecessary parts):
<the-me> hmm I've found a cute error with KDE4. I'm just running amarok
and listening to the music. everytime I scan this host from another with
for example: nmap -v -A -p1-65500 <desthost>, plasma and ksmserv are
crashing if nmap reaches this port: 46829/tcp open unknown
* the-me tests now if it will appear without amarok, too
<the-me> now at this port: 51184/tcp open unknown
<the-me> nevermind, servicescanning about nmap isn't needed to reproduce it.
<the-me> I don't want to restart this system now (for testing) - could
anyone reproduce it?
<MoDaX> the-me: kde has not opened any ports here
<the-me> MoDaX:
<the-me> tcp 0 0 0.0.0.0:37347 0.0.0.0:*
LISTEN 1000 20150 6189/ksmserver
<the-me> udp 0 0 0.0.0.0:177 0.0.0.0:*
0 19792 6075/kdm
<the-me> but while ksmserver and plasma is crashing, I think the first
one it the evil listening
<the-me> yes, it's definitly the ksmserve one.
<the-me> nmap: 37347/tcp open unknown => crashed.
<the-me> after it crashed and I started kde4 again, ksmserver is
listening on: tcp 0 0 0.0.0.0:56129 0.0.0.0:*
LISTEN 1000 23046 6473/ksmserver
<the-me> nmap: 56129/tcp open unknown => crashed again.
<the-me> the bad thing is also, that I can just grep some rare
informations because nearly nothing is working.
<the-me> for example this, which is from plasma:
http://nopaste.linux-dev.org/?537
<MoDaX> the-me: no, no ports opend by those apps here
<the-me> MoDaX, it's definitly opened again and again with a dynamic
port number. maybe because I have activated xdmcp?
<MoDaX> the-me: I don't know
<the-me> I think this could be security relevant..
<the-me> MoDaX, I thought we could take up some more informations about
this here
<MoDaX> the-me: well, you need to find out why ports are open on your
machine. on both my laptop and desktop (which are +- default), they are
not open
<the-me> I think because of the activated xdmcp
<MoDaX> deactivate it and try?
<trigger> tcp 0 0 0.0.0.0:38700 0.0.0.0:*
LISTEN 1000 8847 4298/ksmserver
<trigger> here
<the-me> trigger, so on, could you reproduce it, too?
<the-me> telneting to it doesn't work :)
<trigger> lemme try. does it also work if you scan your box from your box?
<the-me> I'll try it out, one second
<the-me> trigger, hmmm, seems not so
<trigger> the-me: meh, don't have a different box here right now and
everything is closed from the outside
<the-me> trigger, and now my box has been hardlocked at testing it ;)
<the-me> trigger, but try it out, maybe it will work
<trigger> so, if you won't here from me... ;)
<the-me> trigger, ok it works just from another machine here.
<the-me> anyone else who could try it out?
<trigger> yup, no problems when scanning my local host
<fabo> same for me
<the-me> hmm, hasn't got anyone here more than one host in his network? :)
<MoDaX> the-me: what nmap command to run?
<the-me> MoDaX, nmap -v -A -p1-65500 <kde4host> just for examoke
<the-me> but most of time it also crashes without a service scan
<MoDaX> the-me: I'm still up :)
<MoDaX> the-me: have you disabled xdmcp?
<the-me> is your ksmserver listening on connections from outside?
<MoDaX> absolutely none
<MoDaX> neither udp nor tcp
<trigger> :::* what is this? just local?
<the-me> okay I think then you couldn't reproduce it. I think it's
something like this:
<MoDaX> trigger: all interfaces
<trigger> 0.0.0.0:* is everything. but :::*?
<MoDaX> trigger: :: is ipv6 probably
<the-me> if I scan my machine localy nmap gets the servicename (XFCE
Session manager) - as you have seen if I scan it from outside I just get
an unknown from nmap
<trigger> MoDaX: ah. point taken
<the-me> maybe ksmserver don't want to tell other hosts what it is etc
and at this point it's dieing
<trigger> hihi, nmap is a bit mistaken: 38700/tcp open xfce-session
XFCE Session Manager
<the-me> yes this is from localhost
<trigger> yup
<the-me> see: http://nopaste.linux-dev.org/?539
<the-me> also from localhost => no crash
<the-me> from outside I get an unknown and it crashs
<MoDaX> the-me: have you got a backtrace?
<the-me> MoDaX, just the one I posted, I can't save/copy & paste the
ksmserver one, just the one of plasma :(
<the-me> (because everything is then fucked up :p)
<the-me> see: http://nopaste.linux-dev.org/?537 - this is the only one
which I can save..
<the-me> and I think plasma is just crashing because it needs ksmserver
<fabo> no crash with test done from another host
<MoDaX> fabo: is a port open for you too?
<fabo> no port open related to KDE
<trigger> i wonder why it listens on every interface. 127.0.0.1 would be
anough in my case IMO
<the-me> hmm I'll report it first against the workspace package and
include this IRC log to the report.
- --
Mit freundlichem Gruß / With kind regards,
Patrick Matthäi
E-Mail: patrick.matthaei@web.de
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFILybQ2XA5inpabMcRAh2PAKCeNvzhpBlLvxHeXzpdDgLoMQs1DwCfZ9b8
3kC9I7wqoEdyNKVvvf1Y+es=
=yTO8
-----END PGP SIGNATURE-----
Reply to: