Bugtraq mailing list archives

Re: Local Denial-of-Service attack against Linux


From: aleph1 () SECURITYFOCUS COM (Elias Levy)
Date: Mon, 27 Mar 2000 18:56:00 -0800


Gigi Sullivan <sullivan () sikurezza org>:

Tried on 2.2.14 kernel, Debian 2.1 slink.
Like Michal said it has no effect (except some kmalloc messages), but
if you leave it run and try to switch to another virtual console,
the only thing to do is reboot, the system will freeze.
Reboot is the solution (here).

Even SysRQ didn't work.

bella <bella () pci poltava ua>:

I tested it in my box and... Ports < 1024 absolutely disabled, but ports >
1024 worked fine. I'm running squid on 3128 and apache2 on 8000. ping ok
too. Local consoles unusable. After hardware reset fsck kill exploit
binary! Wonderful! :)

Helmuth Antholzer <helli () dnet it>:

This works also on Corel Linux 1.0 with Kernel 2.2.12. The only way to stop
the program is the reset button.

"Keith Warno" <keith () HaggleWare com>:

SuSE 6.2, kernel 2.2.14, i686, lightly-loaded (5 users,  load average: 0.00,
0.04, 0.07)

Bunch of kmalloc messages:
Mar 25 15:52:47 develop kernel: rge
Mar 25 15:52:47 develop kernel: kmalloc: Size (131076) too large
Mar 25 15:52:47 develop last message repeated 454 times

While the program was running as an unprivileged user the system would not
respond to any request for service or to any keypress for that matter, other
than a Control-C to kill the program.

Visitor <visitors () libero it>:

It's the same on my redhat 6.1 kernel 2.2.14aa10
(aa means Andrea Arcangeli)
with a ctrl+C it can be aborted.

Koblinger Egmont <egmont () fazekas hu>:

If I run this program on the console, I can kill it by pressing ^C. But
starting it from an xterm it completely hangs my machine.
(I have 2.2.14.)

Jay Fenlason <fenlason () CLEARWAY COM>:

Works on redhat 6.0 (unpatched kernel) as well.

Cliff Albert <cliff () oisec net>:

On my Debian 2.2 system running kernel 2.2.14 I experienced the same as
you did. It didn't crash my system, only getting a lot of kmalloc
messages. Ctrl-C killed the thing without any noticeable lag.
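
An added example, not part of the original post or of any code from the thread: a log check that totals the "kmalloc: Size (...) too large" messages several reporters saw, expanding syslogd's "last message repeated N times" compression so the real volume is visible. The function names, the threshold of 100 and the last two sample lines are assumptions made for this example; the first three sample lines are the excerpt quoted above.

```python
import re
from collections import Counter

# Lines 1-3: syslog excerpt quoted in the post. Lines 4-5: constructed here to
# show a repeat marker that belongs to an unrelated message.
SAMPLE = """\
Mar 25 15:52:47 develop kernel: rge
Mar 25 15:52:47 develop kernel: kmalloc: Size (131076) too large
Mar 25 15:52:47 develop last message repeated 454 times
Mar 25 15:53:02 develop sshd[411]: Connection closed
Mar 25 15:53:02 develop last message repeated 3 times
"""

LINE = re.compile(r"^\w{3}\s+\d+\s[\d:]{8}\s(\S+)\s(.*)$")
KMALLOC = re.compile(r"kernel: kmalloc: Size \((\d+)\) too large")
REPEAT = re.compile(r"last message repeated (\d+) times")


def kmalloc_counts(text):
    """Return {host: number of oversized-kmalloc messages}, counting the
    messages that syslogd collapsed into a 'repeated N times' line."""
    counts = Counter()
    prev_was_kmalloc = {}  # host -> was its previous real message a kmalloc one?
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # not a classic syslog line
        host, rest = m.groups()
        rep = REPEAT.fullmatch(rest)
        if rep:
            # A repeat marker refers to the previous message from the same host.
            if prev_was_kmalloc.get(host):
                counts[host] += int(rep.group(1))
            continue
        hit = KMALLOC.search(rest) is not None
        if hit:
            counts[host] += 1
        prev_was_kmalloc[host] = hit
    return counts


def flooded_hosts(text, threshold=100):
    """Hosts whose total reaches the (assumed) alert threshold."""
    return sorted(h for h, n in kmalloc_counts(text).items() if n >= threshold)


if __name__ == "__main__":
    print(dict(kmalloc_counts(SAMPLE)), flooded_hosts(SAMPLE))
```

Counting only the lines that literally contain "kmalloc" would report one event for the quoted excerpt instead of 455, which is why the repeat marker is expanded.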

