[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Wed, 11 Jan 2006 16:13:51 +0100
From: Paul Starzetz <paul@...rzetz.de>
To: "labs@...fense.com" <labs@...fense.com>
Cc: full-disclosure@...ts.grok.org.uk, vulnwatch@...nwatch.org,
bugtraq@...urityfocus.com
Subject: Re: iDefense Security Advisory 12.22.05: Linux
Kernel Socket Buffer Memory Exhaustion DoS Vulnerability
labs-no-reply@...fense.com wrote:
>
> The vulnerability specifically exists due to a lack of resource checking
> during the buffering of data for transfer over a pair of sockets. An
> attacker can create a situation that, depending on the amount of
> available system resources, can cause the kernel to panic due to memory
> resource exhaustion. The attack is conducted by opening up a number of
This is and has been ever known stuff in Linux :-]
The problem is even worse, since you can use AF_UNIX sockets to "hide"
other filled sockets from the file-table descriptor limit (via send_msg).
please check
http://ko.librie.org/bigrip4.c
running it as unprivileged user will kill most of the processes (even
those of root) on vulnerable machines.
regards
Paul Starzetz
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists