[6379] in bugtraq
Modified floppies can crash Linux
daemon@ATHENA.MIT.EDU (KiloByte)
Mon Mar 23 13:09:59 1998
Date: Mon, 23 Mar 1998 16:39:45 +0100
Reply-To: KiloByte <kilobyte@mimuw.edu.pl>
From: KiloByte <kilobyte@MIMUW.EDU.PL>
To: BUGTRAQ@NETSPACE.ORG
Hi!
While playing with file allocation tables, I noticed that if a FAT volume
(eg. a floppy) with looped allocation chain is being read under Linux, the
system stops responding and cannot be recovered to a working state without
a hardware rebooting.
This bug is not-so-useful for performing Denial-Of-Service attacks (if an
evildoer managed to put a floppy into your computer, why won't he just
press the power switch?), although he can leave a modified floppy on your
desk. It is sufficient to just ls that floppy.
Sample exploit is at http://rainbow.mimuw.edu.pl/~ab171958/FAT.html#Linux
I tested this exploit on kernel versions 2.0.30, 2.0.31 and 2.0.32, it
always works.
/-----------------------\ Hiroshima'45
| kilobyte@mimuw.edu.pl | Chernobyl'86
\-----------------------/ Windows'95
http://rainbow.mimuw.edu.pl/~ab171958/
