[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] Re: iDefense Security Advisory 12.22.05: Linux Kernel Socket Buffer Memory Exhaustion DoS Vulnerability

To: "labs@xxxxxxxxxxxx" <labs@xxxxxxxxxxxx>
Subject: [Full-disclosure] Re: iDefense Security Advisory 12.22.05: Linux Kernel Socket Buffer Memory Exhaustion DoS Vulnerability
From: Paul Starzetz <paul@xxxxxxxxxxx>
Date: Wed, 11 Jan 2006 16:13:51 +0100

labs-no-reply@xxxxxxxxxxxx wrote:


The vulnerability specifically exists due to a lack of resource checking
during the buffering of data for transfer over a pair of sockets. An
attacker can create a situation that, depending on the amount of
available system resources, can cause the kernel to panic due to memory
resource exhaustion. The attack is conducted by opening up a number of

This is and has been ever known stuff in Linux :-] The problem is even worse, since you can use AF_UNIX sockets to "hide" other filled sockets from the file-table descriptor limit (via send_msg).

please check

http://ko.librie.org/bigrip4.c

running it as unprivileged user will kill most of the processes (even those of root) on vulnerable machines.

regards

Paul Starzetz

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: [Full-disclosure] [CIRT.DK] Apple QuickTime 7.0.3 and earlier - JPG/PICT Buffer Overflow
Next by Date: Re: [Full-disclosure] [CIRT.DK] Apple QuickTime 7.0.3 and earlier - JPG/PICT Buffer Overflow
Previous by thread: Re: [Full-disclosure] [CIRT.DK] Apple QuickTime 7.0.3 and earlier - JPG/PICT Buffer Overflow
Next by thread: [Full-disclosure] [USN-240-1] bogofilter vulnerability
Index(es):
- Date
- Thread