Lucene search
K

linux-2.2.0-DoS.txt

🗓️ 17 Aug 1999 00:00:00Reported by Packet StormType 
packetstorm
 packetstorm
🔗 packetstormsecurity.com👁 38 Views

Linux 2.2.0 kernel bug allows users to crash systems, confirmed on specific x86 hardware.

Code
`Date: Wed, 27 Jan 1999 03:14:29 -0500  
From: //Stany <[email protected]>  
To: [email protected]  
Subject: Re: 2.2.0 SECURITY (fwd)  
  
Later on down the thread there are other people then Dan Burcaw who say  
that the bug crashes their boxes too.  
  
I suggest reading the thread on Linux Kernel archives for more  
information. See information at the bottof of forwarded message for  
information.  
  
---------- Forwarded message ----------  
Date: Tue, 26 Jan 1999 22:08:03 -0700 (MST)  
>From: Dan Burcaw <[email protected]>  
To: Richard Gooch <[email protected]>  
Cc: [email protected]  
Subject: Re: 2.2.0 SECURITY  
  
  
This has been tested and causes crashes on:  
  
AMD K6-2 350  
AMD K6-2 400  
Intel 486 SX25 w/ P90 Overdrive  
  
On Wed, 27 Jan 1999, Richard Gooch wrote:  
  
> Dan Burcaw writes:  
> >  
> > There is a bug that works only on the 2.2.0 kernel that will allow root  
> > and non-root users to crash the machine (the system reboots).  
> >  
> > To replicate this bug do following:  
> >  
> > Take any core file, and as normal user or root run: ldd core  
> >  
> > The machine will reboot, saying that it cannot get execution permissions  
> > for ./core  
> >  
> > As far as I can tell, this problem only affects x86 machines running  
> > 2.2.0. I know that PPC is not affected.  
>  
> Just tried this on a dual PPro:  
>  
> % cat > try.c  
> void main ()  
> {  
> * (unsigned int *) 0 = 0;  
> }  
> % cc -o try try.c  
> % ./try  
> Segmentation fault  
> % ldd core  
> % dmesg | tail -1  
> perfmon: v0.4 (19990127) Richard Gooch ([email protected]), 2 counters  
>  
> Nope, doesn't cause a reboot, panic, Oops or any problems  
> here. Running as root makes no difference.  
>  
> Regards,  
>  
> Richard....  
>  
  
  
Dan  
  
Terra Firma Design & Terra Soft Solutions, Inc.  
  
voice (970) 416-9821 in Fort Collins  
email [email protected]  
website http://www.terraplex.com/  
  
  
  
-  
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in  
the body of a message to [email protected]  
Please read the FAQ at http://www.tux.org/lkml/  
  
--  
+-----------------------------------------------------------------------------+  
| Stanislav N. Vardomskiy - Procurator Odiosus Ex Infernis[TM] |  
| This message is brought to you by letters jey, ow, el and tee. |  
| Jolt! For all the sugar and twice the caffeine. |  
+-----------------------------------------------------------------------------+  
  
--------------------------------------------------------------------------------  
  
Date: Wed, 27 Jan 1999 19:19:01 +0000  
From: Alan Cox <[email protected]>  
To: [email protected]  
Subject: Re: 2.2.0 SECURITY (fwd)  
  
> Later on down the thread there are other people then Dan Burcaw who say  
> that the bug crashes their boxes too.  
>  
> I suggest reading the thread on Linux Kernel archives for more  
> information. See information at the bottof of forwarded message for  
> information.  
  
Yep its real bug. The relevant info for early adopters is:  
  
  
>From: MOLNAR Ingo <[email protected]>  
To: [email protected], [email protected]  
cc: Linus Torvalds <[email protected]>, Alan Cox <[email protected]>, "David S. Miller" <[email protected]>  
Subject: [patch] 'coredump crash' fixed  
  
it was a very subtle bug and has nothing to do with coredumps at all, but  
it's very rare and the invalid coredump ELF layout accidentally triggered  
the bug.  
  
with the attached patch applied i get:  
  
[root@moon /root]# ldd core  
not a dynamic executable  
[root@moon /root]#  
  
just as expected. The reason why we crash and why it made the kernel  
reboot in such a nasty way was that munmap() did just a tad more work than  
necessary and we zapped 0xc0000000's page table entry ... that is a pretty  
vital piece of 4M virtual space on Linux ;) (erm, just dont ask me how i  
managed to debug this ;)  
  
-- mingo, running a hopefully much safer kernel now ;)  
  
--- linux/mm/mmap.c.orig Wed Jan 27 14:09:31 1999  
+++ linux/mm/mmap.c Wed Jan 27 14:06:09 1999  
@@ -558,7 +558,7 @@  
unsigned long start, unsigned long end)  
{  
unsigned long first = start & PGDIR_MASK;  
- unsigned long last = (end & PGDIR_MASK) + PGDIR_SIZE;  
+ unsigned long last = ((end-1) & PGDIR_MASK) + PGDIR_SIZE;  
  
if (!prev) {  
prev = mm->mmap;  
  
-  
Linux SMP list: FIRST see FAQ at http://www.irisa.fr/prive/mentre/smp-faq/  
To Unsubscribe: send "unsubscribe linux-smp" to [email protected]  
  
--------------------------------------------------------------------------------  
  
Date: Wed, 27 Jan 1999 05:41:59 +0000  
From: Aaron Lehmann <[email protected]>  
To: [email protected]  
Subject: 2.2.0 SECURITY (fwd)  
  
A bug has been discovered in the recently released Linux 2.2.0. I suggest  
going back to Linux 2.0.36 until this nasty bug is fixed.  
  
It was later realized that this bug DOES also affect Linux 2.2.0ac1, but  
only if the core file has permissions 600.  
  
  
KeyID 1024D/73348CA0  
Fingerprint 8EFC 7F10 F26C 55A8 458A 38B0 890F 384F 7334 8CA0  
Public key available at http://www.vitelus.com/aaronl/pubkey.asc  
  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

17 Aug 1999 00:00Current
7.4High risk
Vulners AI Score7.4
38