|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: Re: Local FreeBSD, Openbsd, NetBSD, DoS Vulnerability
From: Alfred Perlstein (bright
WINTELCOM.NET)Date: Fri Jun 02 2000 - 16:49:54 CDT
- Next message: Aleph One: "New Allaire Security Zone Bulletins"
- Previous message: Matthew J. Brown: "Microsoft Outlook (Express) bug.."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
* Ussr Labs <labsUSSRBACK.COM> [000602 13:08] wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Local FreeBSD, Openbsd, NetBSD, DoS Vulnerability
[snip same old story about exhausting mbufs]
FreeBSD 4 and above are not vulnerable if proper limits are put
into place. These limits should be setup at the same time other
limits (such as 'maxproc' to disallow forkbombing) are set up.
Please see the the RLIMIT_SBSIZE option for setrlimit(2), it allows
a reasonable limit to be set for users socket buffers.
An undocumeted (which I just fixed) option for login.conf(5) 'sbsize'
allows this restriction to be put into place for users:
:sbsize=1048576:\
Of course the real solution is rmuser(8), but that's a matter of
policy.
hope this helps,
-- -Alfred Perlstein - [bright
- Next message: Aleph One: "New Allaire Security Zone Bulletins"
- Previous message: Matthew J. Brown: "Microsoft Outlook (Express) bug.."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]