What is the worst case when the epmd port is open?

Tags:

erlang

When using Erlang programs like ejabberd the Erlang port mapper daemon epmd is started and opens port 4369.

This port is accessible over the internet by default (only the most recent ejabberd versions allow configuring epmd to bind to localhost).

The ejabberd documentation recommends blocking this port via packet filter rules and a comment in the Debian bug tracker calls this default behavior 'a nightmare from a security point of view'.

What is the worst case scenario when ejabberd is running and port 4369 is not blocked?

Say the firewall is misconfigured by accident, or something like that.

What would be the most evil thing an Erlang-fluent attacker could do over this port?

Under what user/privileges does epmd run on a Linux distribution (e.g. Debian/Ubuntu)?

maxschlepzig asked Jul 12 '11 19:07

1 Answer

Great question.

Besides port 4369 you also have to take into account the ports it will suggest for the actual inter-node communication (5001-6024 by default). Like all TCP services it will be vulnerable to evil-doers, as software is never bug-free and thus hackable. Think SSH and its buffer overflow vulnerabilities. Given that 'epmd' doesn't provide a lot of services, that inter-node communication is authenticated with a secure cookie code, and the relatively old age of Erlang, you would expect not a lot of bugs in that area. But a good pedigree alone doesn't count in the security area. ;-)

As you wrote, you need a properly configured firewall to make sure the server is not exposed like that. You need to make sure in your maintenance process that proper functioning of the firewall is thoroughly checked.

Oh, and I run my Erlang node as a non-root user with limited file permissions.

Ward Bekker answered Sep 20 '22 17:09