ZOOKEEPER-2693: DOS attack on wchp/wchc four letter words (4lw)


Details

    Description

      The wchp/wchc four letter words can be exploited in a DOS attack on the ZK client port - typically 2181. The following POC attack was recently published on the web:

      https://vulners.com/exploitdb/EDB-ID:41277

      The most straightforward way to block this attack is to not allow access to the client port to non-trusted clients - i.e. firewall the ZooKeeper service and only allow access to trusted applications using it for coordination.
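
An added example, not part of the issue text or the ZooKeeper code base: a small exposure check, run from a host that should not be trusted, to confirm that the firewall mitigation described above actually holds for the client port. The function names and the whitelist notice string are assumptions of this example.

```python
import socket

# Assumption: ZooKeeper releases that ship a four-letter-word whitelist answer
# a disabled command with a notice containing this phrase.
WHITELIST_NOTICE = "not in the whitelist"


def classify(response):
    """Map a raw 4lw reply (None when no TCP connection was possible) to a verdict."""
    if response is None:
        return "unreachable"   # port filtered or closed: the firewall rule holds
    if WHITELIST_NOTICE in response:
        return "disabled"      # reachable, but the server refuses the command
    if response == "":
        return "no-answer"     # connected, server closed without replying
    return "exposed"           # the command was executed for this client


def probe(host, port, word, timeout=3.0, max_bytes=4096):
    """Send one four letter word; return at most max_bytes of the reply, or None."""
    try:
        s = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return None
    buf = b""
    with s:
        try:
            s.sendall(word.encode("ascii"))
            while len(buf) < max_bytes:   # cap the read: watch listings can be large
                data = s.recv(max_bytes - len(buf))
                if not data:
                    break
                buf += data
        except OSError:
            pass  # reset or timeout mid-reply: judge what was received so far
    return buf.decode("utf-8", "replace")


def audit(host, port=2181, words=("wchp", "wchc")):
    """Check both watch-listing commands named in the issue against one server."""
    return {w: classify(probe(host, port, w)) for w in words}


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    for word, verdict in audit(target).items():
        print(f"{word}: {verdict}")
```

A verdict of `exposed` from an untrusted network segment means the client port is still reachable there and the firewall rules need tightening.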

      Attachments

        1. ZOOKEEPER-2693-01.patch
          8 kB
          Mohammad Arshad

            People

              hanm Michael Han
              phunt Patrick D. Hunt