Why does the IBM® Rational® Build Forge® version 7.0.2 Agent generate multiple bfagent server processes, which consume the CPU of the host when a port scanner is in use? They must be terminated manually to prevent the system from shutting down.
When using port scanning software to check for network vulnerabilities, the Build Forge Agent spawns many bogus bfagent processes that loop endlessly, which must be killed manually to prevent the system from being taken down.
In general, when a port scanner opens a socket on the Agent's port, the Agent closes that socket as soon as the scanner closes the connection. The problem is that the Agent misinterprets the closed socket and continues to read garbage data from the already closed socket.
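The failure class described above, as an added C example that is not IBM's code (the Agent's source is not shown on this page): a read loop that treats a zero-length `recv()` result as data spins on a closed socket, while a loop that treats it as end-of-stream exits. The names `drain_buggy`, `drain_fixed`, `probe_and_drain` and the `MAX_SPINS` cap are hypothetical, and a local `socketpair()` stands in for the scanner's connection.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

enum { MAX_SPINS = 1000 }; /* demo-only cap so the buggy loop terminates */

/* Buggy pattern (assumed, for illustration): only n < 0 ends the loop. */
static int drain_buggy(int fd) {
    char buf[256];
    int calls = 0;
    while (calls < MAX_SPINS) {
        ssize_t n = recv(fd, buf, sizeof buf, 0);
        calls++;
        if (n < 0) break;
        /* n == 0 (peer closed) falls through; recv() returns 0 again at once */
    }
    return calls;
}

/* Hardened pattern: 0 means orderly close, EINTR is retried. */
static int drain_fixed(int fd) {
    char buf[256];
    int calls = 0;
    for (;;) {
        ssize_t n = recv(fd, buf, sizeof buf, 0);
        calls++;
        if (n == 0) break;                      /* peer closed: stop reading */
        if (n < 0) { if (errno == EINTR) continue; break; }
        /* n > 0: handle exactly n bytes of buf here */
    }
    return calls;
}

/* Constructed probe: peer optionally sends payload, then closes; returns recv() count. */
int probe_and_drain(int use_fixed, const char *payload) {
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) return -1;
    if (payload) (void)send(sv[1], payload, strlen(payload), 0);
    close(sv[1]);                               /* "scanner" side goes away */
    int calls = use_fixed ? drain_fixed(sv[0]) : drain_buggy(sv[0]);
    close(sv[0]);
    return calls;
}

int main(void) {
    printf("buggy=%d fixed=%d\n", probe_and_drain(0, NULL), probe_and_drain(1, NULL));
    return 0;
}
```

Without the demo cap, the first loop never exits after the peer disconnects, which is the shape of a process pinned at 100% CPU.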
APARs related to this issue are:
- PK59905 - Build Forge agent generating rogue processes after port scan (anticipated to be fixed in Build Forge iFix2 for 7.0.2)
- PK69465 - Using nmap opens bfagent processes which don't close and use 100% CPU (anticipated to be fixed in Build Forge iFix3 for 7.0.2)
Note: Both of these issues contribute to hanging bfagent processes on UNIX®, Linux® and Microsoft® Windows®.
The defects have been fixed in the following interim fixes (iFixes):
All the available downloads and updates for Build Forge 7.x are listed in technote 1254846.
Note: If you have not upgraded your environment, then Build Forge iFix1 for version 7.0.1 does not have this problem. Otherwise, you will need to upgrade to the latest Build Forge release to resolve this issue.