Subject: Re: Local Denial-of-Service attack against Linux
From: Elias Levy (aleph1SECURITYFOCUS.COM)
Date: Mon Mar 27 2000 - 20:56:00 CST


Gigi Sullivan <sullivansikurezza.org>:

Tried on 2.2.14 kernel, Debian 2.1 slink.
Like Michal said it has no effect (except some kmalloc messages), but
if you leave it running and try to switch to another virtual console,
the only thing to do is reboot, the system will freeze.
Reboot is the solution (here).

Even SysRQ didn't work.

bella <bellapci.poltava.ua>:

I tested it in my box and... Ports < 1024 absolutely disabled, but ports >
1024 worked fine. I'm running squid on 3128 and apache2 on 8000. ping ok
too. Local consoles unusable. After hardware reset fsck kill exploit
binary! Wonderful! :)

Helmuth Antholzer <hellidnet.it>:

This works also on Corel Linux 1.0 with Kernel 2.2.12. The only way to stop
the program is the reset button.

"Keith Warno" <keithHaggleWare.com>:

SuSE 6.2, kernel 2.2.14, i686, lightly-loaded (5 users, load average: 0.00,
0.04, 0.07)

Bunch of kmalloc messages:
Mar 25 15:52:47 develop kernel: rge
Mar 25 15:52:47 develop kernel: kmalloc: Size (131076) too large
Mar 25 15:52:47 develop last message repeated 454 times

While the program was running as an unprivileged user the system would not
respond to any request for service or to any keypress for that matter, other
than a Control-C to kill the program.

Visitor <visitorslibero.it>:

It's the same on my redhat 6.1 kernel 2.2.14aa10
(aa means Andrea Arcangeli)
with a ctrl+C it can be aborted.

Koblinger Egmont <egmontfazekas.hu>:

If I run this program on the console, I can kill it by pressing ^C. But
starting it from an xterm it completely hangs my machine.
(I have 2.2.14.)

Jay Fenlason <fenlasonCLEARWAY.COM>:

Works on redhat 6.0 (unpatched kernel) as well.

Cliff Albert <cliffoisec.net>:

On my debian 2.2 system running Kernel 2.2.14 I experienced the same as
you did. It didn't crash my system, only getting a lot of kmalloc
messages.. Ctrl-C killed the thing without any noticeable lag.