lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <Pine.GSO.4.44.0605171356590.17417-100000@netman>
Date: Wed, 17 May 2006 14:03:23 -0500 (CDT)
From: Doug Hughes <doug@....auburn.edu>
To: bugtraq@...urityfocus.com
Subject: Sun single-CPU DOS




single CPU Sun microsystems system running solaris7, 8, or 9
(haven't tested on 10). E.g. netra.

if you telnet to a local router, disable nagle (on purpose
or by accident or whatever - if nagle is turned off), and then
ping another device with interpacket delay of 0 and a count
of somewhere above 100,000 pings, it will effectively
DOS the machine you are telneting from.

The machine becomes unusable, will not accept break on console.
totally hung.

After opening a case with Sun on this issue and going back and
forth for 9 months, they have decided that I am manufacturing
jabber and the appropriate course of action is to remove the
offending device (the router in this case) from the network.

In other words, they refuse to fix the DOS issue under the assertion
that it is a physical issue rather than an issue of the OS
improperly handling a stream of small TCP packets.

They have closed the escalation, so I am left with no recourse but
to report it as a bug to the rest of you.

For machines with more than 1 CPU, one cpu becomes bogged down but
the other CPU continues to handle OS tasks ok.





Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ