| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <Pine.LNX.4.33_heb2.09.0401070208470.31971-100000@fireball.tau.ac.il> Date: Wed, 7 Jan 2004 02:12:55 +0200 (IST) From: Ariel Biener <ariel@...eball.tau.ac.il> To: Christophe Devine <devine@....cnam.fr> Cc: <full-disclosure@...ts.netsys.com>, BugTraq Mailing List <bugtraq@...urityfocus.com> Subject: Re: Linux kernel do_mremap() proof-of-concept exploit code On Mon, 5 Jan 2004, Christophe Devine wrote: Hi, I tested it on various machines, including single/dual pIII, single/dual Xeon P4, etc. I only managed to either freeze the machine or reboot it. However, since this compiled binary needs to special permissions to be affective, I have found out that on any mail server where the user can edit his .procmailrc or .forward in this home directory (typical deparmental or even campus Linux mail servers at academic institutes), and do the following: :0 * ^Subject: reboot | /path/to/homedir/do_remap Then, at his convenience, all he/she needs to do is send an e-mail to themselves with the subject reboot, and voilla, either the mail servers reboots or goes caput (freezes). Nasty. --Ariel > The following program can be used to test if a x86 Linux system > is vulnerable to the do_mremap() exploit; use at your own risk. > -- Ariel Biener e-mail: ariel@...t.tau.ac.il PGP(6.5.8) public key http://www.tau.ac.il/~ariel/pgp.html _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists