CMM: Telnet CLI: Only accept localhost connections
cmm provides a command line interface (CLI) that allows users to query
status information like the list of active connections. It turned out,
though, that this CLI is not very robust and can be used to easily DOS
cmm. For example, this command
echo Ping of death | telnet <ipaddr> 2103
will ultimately cause cmm to be killed by SIGPIPE because cmm presumably
tries to write to the socket that telnet closed prematurely.
Very few people if any use cmm's CLI. Let's just make it inaccessible
from outside the box by binding the TCP socket to the localhost IP
address. If someone decides that they need it, they can set up an SSH
tunnel to get access to the port on localhost.
1 file changed