Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

fulldisclosure logo Full Disclosure mailing list archives

AWK Problem
From: "Helmut Hauser" <helmut.hauser () intraplan de>
Date: Fri, 29 Aug 2003 11:01:27 +0200
We encountered a strange AWK Problem.

Problematic awk script command phrase on redhat 7.3 causing a DoS resulting
in a complete system crash.

If the file "xyz.dat" does not exist or is locked or file permission is
denied with using awk,

following offending phrase causes the crash:
   while (getline < "xyz.dat")

The correct use of awk is
   while ((getline < "xyz.dat") > 0)
or
   while (0 < (getline < "xyz.dat"))

This avoids an endless loop causing kernel panic., e.g. on redhat 7.3 Kernel
revision is 2.4.20.

Users do NOT have to have root privileges to bring the server down.

Excerpt from the man page:

The getline command returns 0 on end of file and -1 on  an
       error.   Upon an error, ERRNO contains a string describing
       the problem.

I notified Redhat on 11.03.2003 and got no answer.

Helmut Hauser
Systemadministration EDV
Intraplan Consult GmbH

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

  By Date           By Thread  

Current thread:
  • AWK Problem Helmut Hauser (Aug 29)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]