[19736] in bugtraq


Bash memory exhaustion (was Re: Multiple vendors FTP denial of

daemon@ATHENA.MIT.EDU (Nick Lamb)
Tue Mar 20 21:19:58 2001

Mail-Followup-To: BUGTRAQ@SECURITYFOCUS.COM
Message-ID:  <20010319180129.A29234@ecs.soton.ac.uk>
Date:         Mon, 19 Mar 2001 18:01:29 +0000
Reply-To: Nick Lamb <njl98r@ECS.SOTON.AC.UK>
From: Nick Lamb <njl98r@ECS.SOTON.AC.UK>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  <20010319102443.A5378@securityfocus.com>; from
              aleph1@SECURITYFOCUS.COM on Mon, Mar 19, 2001 at 10:24:43AM -0700


On Mon, Mar 19, 2001 at 10:24:43AM -0700, Elias Levy wrote:
> From: Liviu Sas <liviu@bv.ro>
>
> Looks like bash 2.04.0(1)-release on linux, and older are also vulnerable
> to this bug ...
> a `ls */../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*` command
> makes bash eat all memory and cpu available making the machine crash.

The machine will only crash if you've instructed it to allow bash to
allocate memory indefinitely. Unless you trust your users not to be
malicious or incompetent you should have kernel-enforced limits in place
to prevent this.

Set limits on userspace processes, in e.g. Red Hat /etc/security/limits.conf
and ensure that your limits reflect the capabilities of the hardware.
Getting this perfect is very hard, but getting it good enough to deter
casual vandals or thoughtless users is quite easy.

It is arguable that the FTP daemon is responsible for doing argument
checking to prevent DoS attacks, but bash can hardly be held to the same
standard.

Nick.
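An added check, not from Nick's post, for the mitigation he describes: it audits whether the kernel is actually enforcing an address-space and process ceiling on a process by reading the /proc/<pid>/limits layout, so a runaway glob expansion like the one quoted above hits a wall instead of the whole box. The limits.conf lines in the header comment and the sample limits text are assumptions constructed for the example.

```shell
#!/bin/sh
# Added example, not from the post: audit whether the kernel is actually
# enforcing ceilings on a process, the mitigation Nick recommends.  Assumed
# /etc/security/limits.conf lines (pam_limits syntax, "as" is in KiB):
#   *   hard   as      262144
#   *   hard   nproc   100
# Input is the text of /proc/<pid>/limits; the samples below are constructed.

# Print the hard value of the row in $1 whose label starts with $2 (e.g.
# "Max address space"); prints nothing if the row is absent.
hard_limit() {
    printf '%s\n' "$1" | awk -v name="$2" '
        index($0, name) == 1 {                       # row matched by label
            split(substr($0, length(name) + 1), f)   # f[1]=soft f[2]=hard
            print f[2]; exit
        }'
}

# Succeed only when the named limit has a finite hard ceiling.
limit_enforced() {
    v=$(hard_limit "$1" "$2")
    [ -n "$v" ] && [ "$v" != "unlimited" ]
}

# Audit the limits text in $1 (default: this shell's own /proc/self/limits)
# for the two ceilings that keep a runaway glob expansion from taking the
# machine down: address space and process count.  Returns 1 if either is open.
audit_limits() {
    text=${1:-$(cat /proc/self/limits)}
    status=0
    for name in "Max address space" "Max processes"; do
        if limit_enforced "$text" "$name"; then
            echo "ok    $name = $(hard_limit "$text" "$name")"
        else
            echo "OPEN  $name is unlimited or missing"
            status=1
        fi
    done
    return $status
}

# Constructed samples in /proc/<pid>/limits layout (262144 KiB = 268435456 bytes).
SAMPLE_OPEN='Limit                     Soft Limit           Hard Limit           Units
Max processes             unlimited            unlimited            processes
Max address space         unlimited            unlimited            bytes'
SAMPLE_CAPPED='Limit                     Soft Limit           Hard Limit           Units
Max processes             100                  100                  processes
Max address space         268435456            268435456            bytes'

audit_limits "$SAMPLE_OPEN" || echo "(open sample fails the audit, as expected)"
audit_limits "$SAMPLE_CAPPED"
```

Calling `audit_limits` with no argument checks the limits the current shell is running under, which is the quickest way to confirm that a limits.conf change actually reached the login session.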

