|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: FreeBSD-specific denial of service
Bjoern Fischer (bfischer
TECHFAK.UNI-BIELEFELD.DE)
Fri, 24 Sep 1999 10:06:44 +0200
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
- Next message: Darren Reed: "Re: Nmap and Cisco Dos, clarification --"
- Previous message: Thomas Reinke: "Re: Yet another major Hotmail security hole - injectingJavaScript using "javasCript:""
- In reply to: Brian Hampson: "Re: Yet another major Hotmail security hole - injecting JavaScript using "javasCript:""
On Tue, Sep 21, 1999 at 03:50:58PM -0400, Charles M. Hannum wrote:
> Here's an interesting denial-of-service attack against FreeBSD >=3.0
> systems. It abuses a flaw in the `new' FreeBSD vfs_cache.c; it has no
> way to purge entries unless the `vnode' (e.g. the file) they point to
> is removed from memory -- which generally doesn't happen unless a
> certain magic number of `vnodes' is in use, and never happens when the
> `vnode' (i.e. file) is open. Thus it's possible to chew up an
> arbitrary amount of wired kernel memory relatively simply.
This has been addressed and was fixed in src/sys/kern/vfs_cache.c
revision 1.38.2.3 before releasing the latest stable FreeBSD-3.3:
A tunable sysctl knob `vfs.cache.maxaliases' which defaults to 4
limits the number of cache aliases to a vnode.
Björn Fischer
-- (sig_t*)NULL
- application/pgp-signature attachment: stored
- Next message: Darren Reed: "Re: Nmap and Cisco Dos, clarification --"
- Previous message: Thomas Reinke: "Re: Yet another major Hotmail security hole - injectingJavaScript using "javasCript:""
- In reply to: Brian Hampson: "Re: Yet another major Hotmail security hole - injecting JavaScript using "javasCript:""
This archive was generated by hypermail 2.0b3 on Sun Sep 26 1999 - 00:27:35 CDT