[25231] in bugtraq
Denial of Service in Mosix 1.5.x
daemon@ATHENA.MIT.EDU (enrico@wizards-of-source.org)
Tue Apr 23 17:36:31 2002
Date: Tue, 23 Apr 2002 23:11:54 +0200 (CEST)
From: enrico@wizards-of-source.org
To: bugtraq@securityfocus.com
Message-ID: <Pine.LNX.4.44.0204232308260.9106-100000@phantom.h07.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Hi,
mosix and probalby open-Mosix are vulnerable to an Denial of Service
attack, the problem lies in the mosix-protocol-stack, mosix are not able
to handle garbage-packets correctly.
MosiX is an cluster-environment for Linux and is avail from www.mosix.org
also vulnerable is to this is the clumpOS-Mosix client cd, the
clumpOS-Mosix Node has also no vnc password set so anyone in the
cluster-network can gain root-access to the affected node. this issue will
be fixed in the next clumpOS Version.
this has been succefully tested on mosix 1.5.7 and latest clumpOS with
dfsa and mfs enabled.
fix:
disable mfs in kernel-configuration
www.h07.org
German Unix/Linux Developer Team
