NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Bugtraq> 2000-03

Subject: Re: Local Denial-of-Service attack against Linux
From: Elias Levy (aleph1SECURITYFOCUS.COM)
Date: Mon Mar 27 2000 - 20:56:00 CST

Next message: Ofir Arkin: "The TCP Flags Playground"
Previous message: DeAvillez, Carlos: "Hide Drives does not work with OUTLOOK 98 - Summary of Answers (W InNT4)"
Maybe in reply to: Jay Fenlason: "Local Denial-of-Service attack against Linux"
Next in thread: Gigi Sullivan: "Re: Local Denial-of-Service attack against Linux"
Maybe reply: Elias Levy: "Re: Local Denial-of-Service attack against Linux"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Gigi Sullivan <sullivansikurezza.org>:

Tried on 2.2.14 kernel, Debian 2.1 slink.
Like Michal said it has no effect (except some kmalloc messages), but
if you leave it run and try to switch to another virtual console,
the only thing to do is reboot, the system will freeze.
Reboot is the solution (here).

Even SysRQ didnt' work.

bella <bellapci.poltava.ua>:

I tested it in my box and... Ports < 1024 absolutely disabled, but ports >
1024 worked fine. I'm running squid on 3128 and apache2 on 8000. ping ok
too. Local consoles unusable. After hardware reset fsck kill exploit
binary! Wonderfull! :)

Helmuth Antholzer <hellidnet.it>:

This works also on Corel Linux 1.0 with Kernel 2.2.12. The only way to stop
the program is the reset button.

"Keith Warno" <keithHaggleWare.com>:

SuSE 6.2, kernel 2.2.14, i686, lightly-loaded (5 users, load average: 0.00,
0.04, 0.07)

Bunch of kmalloc messages:
Mar 25 15:52:47 develop kernel: rge
Mar 25 15:52:47 develop kernel: kmalloc: Size (131076) too large
Mar 25 15:52:47 develop last message repeated 454 times

While the program was running as an unpriveleged user the system would not
respond to any request for service or to any keypress for that matter, other
than a Control-C to kill the program.

Visitor <visitorslibero.it>:

it's the same on my redhat 6.1 kernel 2.2.14aa10
(aa means Andrea Arcangeli)
with a ctrl+C it can be aborted.

Koblinger Egmont <egmontfazekas.hu>:

If I run this program on the console, I can kill it by pressing ^C. But
starting it from an xterm it completely hangs my machine.
(I have 2.2.14.)

Jay Fenlason <fenlasonCLEARWAY.COM>:

Works on redhat 6.0 (unpatched kernel) as well.

Cliff Albert <cliffoisec.net>:

On my debian 2.2 system running Kernel 2.2.14 i experienced the same as
you did. It didn't crash my system, only getting a lot of kmalloc
messages.. Ctrl-C killed the thing without any noticeable lag.

Next message: Ofir Arkin: "The TCP Flags Playground"
Previous message: DeAvillez, Carlos: "Hide Drives does not work with OUTLOOK 98 - Summary of Answers (W InNT4)"
Maybe in reply to: Jay Fenlason: "Local Denial-of-Service attack against Linux"
Next in thread: Gigi Sullivan: "Re: Local Denial-of-Service attack against Linux"
Maybe reply: Elias Levy: "Re: Local Denial-of-Service attack against Linux"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]