From: John Galt (galtINCONNU.ISU.EDU)
Date: Tue Apr 03 2001 - 20:44:04 CDT


    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    Buffer overflow or somesuch with a payload of fscking the already mounted
    root filesystem?

    On Mon, 2 Apr 2001, Philip Stoev wrote:

    >> > A DOS attack on a system which you have the ability to kill power to
    >> > strikes me as a fairly minor problem. Being able to do this remotely
    >>
    >> I realize that. However, the original poster (Philip Stoev) was describing
    >> what happens when fsck runs (during boot-up) and then gives you a root
    >> shell.
    >
    >No, what I envisioned is a _remote_ attack, rather than a local one. I know
    >that if you have local access you can kill the power, or use a hammer, or
    >whatever.
    >
    >Also, what I am talking about is a DoS, not a root compromise. I know the
    >root password is required for entering single-user mode due to fsck failure.
    >
    >Again, my idea was to make a machine inoperable while being a _remote_,
    >_unprivileged_ user. Once you do it, if the admin can not easily reach it
    >(if it is at a co-location or some other such place) and re-start it in
    >multiple-user mode, there is going to be a problem.
    >
    >To repeat, my question is: Is there a tool, or can there be a tool that can
    >create filesystem damage when being a remote, non-privileged user? Let's
    >assume that you can not power down the machine at will, so the tool should
    >be autonomous, that is, not relying on a shutdown or power-failure to do the
    >exact damage (the tool just creating the hard drive activity required to
    >make this damage more probable). Instead, the tool must create the damage
    >itself, even if the machine is perfectly powered and not overloaded.
    >
    >It seems that my previous posts were unclear. I am talking about a remote,
    >non-privileged DoS. No local console, no root access, no floppy access, no
    >power-switch access, no hammer handy.
    >
    >Philip
    >

    - --
    The early worm gets the bird.

    Who is John Galt? galtinconnu.isu.edu, that's who!

    -----BEGIN PGP SIGNATURE-----
    Version: PGP for Personal Privacy 5.0
    Charset: noconv

    iQA/AwUBOsp8bB9mehuYcOjMEQK6jACfQtXoEb5SvDIY7B7Bjh/goO93ERwAmwSY
    Xg2NvLrCbcB9rL9Hr5NUcZI1
    =D7iN
    -----END PGP SIGNATURE-----