[513] in linux-security and linux-alert archive


Possible denial of service attack

daemon@ATHENA.MIT.EDU (Todd Day)
Tue Dec 12 05:22:39 1995

Date: Sun, 10 Dec 1995 14:09:00 -0800
To: linux-security@tarsier.cv.nrao.edu
From: Todd Day <today@di.com>

This concerns GNU bash, version 1.14.2(1), at least.

Through accident, I've found that if you enter a twiddle (~) followed
by about seven lines of non-space characters, BASH will consume all
computing resources and start swapping like mad.  My system went down
the other day because there was something on the keyboard that caused
tons of twiddles to be typed, then enter got pressed.  It took about
10 minutes for me to switch to a virtual terminal, log in, and kill
the bash shell on the other virtual terminal.  Everything went back
to normal after that.

If you want to try this for yourself, I suggest you get a kill -9
ready on another virtual terminal first.

This problem doesn't occur if you try this without the leading twiddle.
I suspect the problem lies in the area of BASH that deals with twiddle
dereferencing (perhaps it has a buffer that is being overwritten).

Any user with a login account can use this to bring your system to
its knees.

Sorry if this has been covered (perhaps I have an old version of BASH),
but I've not seen it before.

-todd-
