Bugtraq mailing list archives
Re: Local Denial-of-Service attack against Linux
From: sullivan () SIKUREZZA ORG (Gigi Sullivan)
Date: Mon, 3 Apr 2000 23:00:24 +0200
Aiee:) Hello!
The issues causing this DoS are apparently more complex than it may appear, I have followed the discussion in the Linux kernel mailing list. There is a patch for the exploit in 2.2.15pre-16 and it is a noteworthy amount of code.
Jeff
Well, as I said in my previous post, I did the patch, but I said that I'm not sure if my patch is the `right way to do it'. However, I downloaded pre-patch-2.2.15pre-16 from ftp.kernel.org/pub/linux/kernel/people/alan and this was the patch I found:

diff -u --new-file --recursive --exclude-from /usr/src/exclude linux.vanilla /net/unix/af_unix.c linux.15pre16/net/unix/af_unix.c --- linux.vanilla/net/unix/af_unix.c Sat Aug 14 02:27:46 1999 +++ linux.15pre16/net/unix/af_unix.c Tue Mar 28 17:27:52 2000 @@ -969,6 +969,10 @@ return -ENOTCONN; } + err = -EMSGSIZE; + if (len > sk->sndbuf) + goto out; + if (sock->passcred && !sk->protinfo.af_unix.addr) unix_autobind(sock);

And this isn't so different from mine (except for the fact that I check len > sk->sndbuff - 16, thus limiting the sending buffer. [so in that I was wrong]).

Thx a lot!

bye bye

-- gg sullivan
--
Lorenzo Cavallaro `Gigi Sullivan' <sullivan () sikurezza org>
Until I loved, life had no beauty; I did not know I lived until I had loved. (Theodor Korner)
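Review bot: the `err = -EMSGSIZE;` assignment at the top of the added block in net/unix/af_unix.c stays in effect after the `if (len > sk->sndbuf)` check passes, so any later `goto out` that does not set `err` itself would now report a message-size error for an unrelated failure. Confirm that every path after `unix_autobind(sock);` assigns `err` before jumping to `out`, or set the value inside the branch instead. The new check also has no comment: a short note saying that it rejects datagrams larger than the socket's send buffer, and why `sk->sndbuf` is compared against the raw `len` with no headroom, would make the intent of the limit clear to the next reader.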