Bugtraq mailing list archives
Re: Solaris 2.5.1/2.6 fingerd bug
From: casper () HOLLAND SUN COM (Casper Dik)
Date: Fri, 7 Aug 1998 21:52:27 +0200
Fiji (jfay) wrote:try finger @host@host@host....145 times.... This should run the # of processes in excess of 1500 and shoot the system load up to at least 13.5. You can also do a finger @hosta@hostb where hostb is a machine running 2.5.1 or 2.6. Now this has not been confirmed on Solaris (x86). The bug id is 4161606 but yet there is no patch available as of today.Yep, same thing happens for x86 running 2.6. ~jamesFor what it's worth, the two 2.5.1 machines I currently run don't have this problem. Both were installed using 2.5.1 HW:4/97 media and then subsequently brought up to Generic_103640-21 via the current (ie. a few weeks ago) 2.5.1_Recommended kit. The machines are a sparc 2 and 10.
There's actually a quite simple workaround (BTW, one finger can't create 1500 processes; there's a buffer of 512 characters and you get at most 512 /(1+lenghtofhostname)*2 processes.) The quick fix is to set the number of processes per user to a acceptable value by editing /etc/system: set maxuprc = 50 This will limit the number of processes per user (not including root, but including nobody) to a small value. For certain setups, you can pick a larger system. If you dont' want to reboot, it's bit harder, but try: adb -wk v+0x1c/W<num> Casper
Current thread:
- Solaris 2.5.1/2.6 fingerd bug Fiji (Aug 05)
- Re: Solaris 2.5.1/2.6 fingerd bug James Garnett (Aug 05)
- Solaris 2.4 pop buffer overrun Julio Casal (Aug 05)
- Re: Solaris 2.4 pop buffer overrun Matthew R. Potter (Aug 07)
- Re: Solaris 2.5.1/2.6 fingerd bug Joseph Moran (Aug 06)
- Re: Solaris 2.5.1/2.6 fingerd bug Casper Dik (Aug 07)
- Re: Solaris 2.5.1/2.6 fingerd bug Casper Dik (Aug 06)
- Re: Solaris 2.5.1/2.6 fingerd bug Matthew R. Potter (Aug 06)
- ADMsmb security scanner for samba The ADM Crew (Aug 06)
- Eudora executes (Java) URL Stout, Bill (Aug 07)
- Re: Eudora executes (Java) URL John D. Hardin (Aug 07)
- Re: Eudora executes (Java) URL John D. Hardin (Aug 08)
- Solaris 2.4 pop buffer overrun Julio Casal (Aug 05)
- Re: Solaris 2.5.1/2.6 fingerd bug James Garnett (Aug 05)
- IRIX IP Spoofing/TCP Sequence Attack Update SGI Security Coordinator (Aug 06)
- IRIX BIND DNS Vulnerabilities Update SGI Security Coordinator (Aug 06)
- BSD/Qualcomm qpopper Vulnerability SGI Security Coordinator (Aug 06)
- University of Washington imapd daemon Vulnerability SGI Security Coordinator (Aug 06)