mailing list archives
Re: iDefense Security Advisory 12.22.05: Linux Kernel Socket Buffer Memory Exhaustion DoS Vulnerability
From: Paul Starzetz <paul () starzetz de>
Date: Wed, 11 Jan 2006 16:13:51 +0100
labs-no-reply () idefense com wrote:
The vulnerability specifically exists due to a lack of resource checking
during the buffering of data for transfer over a pair of sockets. An
attacker can create a situation that, depending on the amount of
available system resources, can cause the kernel to panic due to memory
resource exhaustion. The attack is conducted by opening up a number of
This is and has been ever known stuff in Linux :-]
The problem is even worse, since you can use AF_UNIX sockets to "hide"
other filled sockets from the file-table descriptor limit (via send_msg).
running it as unprivileged user will kill most of the processes (even
those of root) on vulnerable machines.
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/
- Re: iDefense Security Advisory 12.22.05: Linux Kernel Socket Buffer Memory Exhaustion DoS Vulnerability Paul Starzetz (Jan 11)