|
Bugtraq
mailing list archives
Re: Local DoS on network by unpriviledged user using setsockopt()
From: dvorak () CAPU NET (John N Dvorak)
Date: Wed, 8 Sep 1999 14:09:26 -0400
On Wed, 8 Sep 1999, Dylan Griffiths wrote:
John N Dvorak wrote:
Sven,
I have verified the following platforms:
BSDI 2.1
BSDI 3.1
BSDI 4.0
BSDI 4.0.1
Cobalt Linux (MIPS) - RedHat based
All vulnerable.
I am testing on other Linux platforms, but I presume all BSD and
Linux-based systems are affected. I have no resources to test this on
Solaris, AIX, HP and System-V based systems.
Linux x86 does not appear affected, or at least my Slackware distribution
simply choked off the program before it did any damage when run as both
normal and super user. This might have something to do with login limits,
but super user ran it with no ill effects. Kernel 2.2.9
Is Cobalt Linux using an older kernel?
Cobalt Linux is definitely using an older kernel. As far as I know, it is
a 2.0.x release for the RaQ2 product. I'll see what kind of details I can
get from Cobalt.
Using the exploit on a Cobalt RaQ2, most system processes lock, though the
machine still responds to pings. The management panel does not respond
and the machine must be cold booted.
Has anyone verified whether other non BSD-OSes are vulnerable?
Specifically, Linux 2.0.x (or any pre-2.2.9) releases?
Regards,
John Dvorak
===========================================
John N Dvorak | dvorak () capu net
Director of Technology
CapuNet, LLC - Corporate Internet Solutions
(301) 881-4900 x8018
===========================================
 By Date 
By Thread
Current thread:
- Re: Local DoS on network by unpriviledged user using setsockopt(), (continued)
|
Intro
