[11746] in bugtraq
Re: NetBSD 1.4.1 local DoS
daemon@ATHENA.MIT.EDU (Nikolay N. Igotti)
Wed Sep  8 15:01:55 1999
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-Id:  <AAkTqqt0y6@nike.softjoys.ru>
Date:         Mon, 6 Sep 1999 08:47:42 +0400
Reply-To: "Nikolay N. Igotti" <nike@NIKE.SOFTJOYS.RU>
From: "Nikolay N. Igotti" <nike@NIKE.SOFTJOYS.RU>
X-To:         root@IHACK.NET
To: BUGTRAQ@SECURITYFOCUS.COM
>   This does not `freeze' the system per se.  What it does is tie up all
>   the network resources, and make it impossible to any network I/O (even
>   through Un*x-domain sockets).
>
>   Linux is not generally vulnerable to the exploit as posted, because it
>   seems to only accept 64512 bytes from the write(2)s, and limit the
>   file descriptor table to 256 entries (at least by default), thus
>   making the program chew up less memory.  However, a trivial variant
>   (attached below) causes memory exhaustion on the Linux system I
>   tested.  Interestingly, this did not cause the Linux system to crash,
>   but it does cause a bunch of processes to be killed -- gpm, klogd,
I posted a message titled "linux memory DOS" to the linux-kernel list about 5 days ago.
This situation is reproducible even without any IO/fork operations, with memory
operations only. There are some suggested patches, at least to fix the memory problem.
See the linux-kernel mailing list archive for more info.
>   update, crond, and finally the test program itself.  So there is still
>   a denial of service, especially if the program is modified to
>   continually fork as well (also attached below, although it could be
>   done a bit better).
>