|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: Bug in gpm
From: Tomasz Grabowski (cadence
APOLLO.ACI.COM.PL)Date: Tue Jun 20 2000 - 08:21:16 CDT
- Next message: Security Team: "DST2K0018: Multiple BufferOverruns in WebBBS HTTP Server v1.15"
- Previous message: Thomas Biege: "Re: Fwd: Re: Splitvt exploit"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hello.
More than 6 months ago I discovered some kind of DoS bug in gpm shipped
with RedHat 6.1
(propably others).
Regular user can simply DoS the gpm or (in several circumstances) the
whole system.
In general the problem is that /dev/gpmctl uses STREAM and You can flood
it with many faked connections.
One week ago RedHat announced that the bug is *FIXED* now and everyone can
download a new version of this package from redhat-rawhide
(/pub/Linux/redhat-rawhide/i386/RedHat/RPMS/gpm-1.19.2-1.i386.rpm),
so I decided to drop a note here.
The funny thing is that I couldn't find info about it in ChangeLog of this
package...
If You want to play with it try attached code.
___
Tomasz Grabowski [Akademickie Centrum Informatyki] {CADENCE of Lam3rZ}
The progress only comes through struggle...
- TEXT/PLAIN attachment: fgpm.c
- Next message: Security Team: "DST2K0018: Multiple BufferOverruns in WebBBS HTTP Server v1.15"
- Previous message: Thomas Biege: "Re: Fwd: Re: Splitvt exploit"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]