Bugtraq mailing list archives
Re: [Fwd: Truth about ssh 1.2.27 vulnerabiltiy]
From: Valdis.Kletnieks () VT EDU (Valdis.Kletnieks () VT EDU)
Date: Fri, 1 Oct 1999 16:38:57 -0400
On Thu, 30 Sep 1999 12:04:14 PDT, Eric Griffis <egriffis () COMMONTECH COM> said:
Also, I think the amount of processor time it takes to create a symbolic link is multiple times larger than the amount of time between the return of lstat and actual socket creation, which would require the sshd process to hang temporarily or be seriously slowed down. Is that feasible? How would these things be done, or is there something I missed? I'm very familiar with C and the unix environment, but the security-related aspects
cat >> slowmedown.c main() { for(;;)} ^D cc -o slowmedown slowmedown.c for i in 1 2 3 4 5 6 7 8 9; do ./slowmedown &; done Or apply yuor favorite fork bomb. It's easy to slow things down as much as needed - you get that load average up to 60 or 80 the window you're trying to hit will get REAL wide. I'f you're REALLY smart, you'll have all the 'slowmedown' processes trying to hit the window while they bog things down. -- Valdis Kletnieks Computer Systems Senior Engineer Virginia Tech <!-- attachment="bin0a00283" --> <HR> <UL> <LI>application/pgp-signature attachment: stored </UL>
Current thread:
- Re: [Fwd: Truth about ssh 1.2.27 vulnerabiltiy] Eric Griffis (Sep 30)
- Re: [Fwd: Truth about ssh 1.2.27 vulnerabiltiy] Dan Astoorian (Oct 01)
- Re: [Fwd: Truth about ssh 1.2.27 vulnerabiltiy] Jeff Long (Oct 04)
- Re: [Fwd: Truth about ssh 1.2.27 vulnerabiltiy] Valdis.Kletnieks () VT EDU (Oct 01)
- Team Asylum: iHTML Merchant (Follow-up) Team Asylum (Oct 01)
- RFP9903: AeDebug vulnerability .rain.forest.puppy. (Oct 01)
- Re: RFP9903: AeDebug vulnerability Matt (Oct 04)
- Re: [Fwd: Truth about ssh 1.2.27 vulnerabiltiy] Pavel Kankovsky (Oct 02)
- Buffer Overflows and Remote Root Exploits Crispin Cowan (Oct 02)
- (no subject) Dennis Conrad (Oct 03)
- Re: Sample DOS against the Sambar HTTP-Server Steve (Oct 06)
- Re: Sample DOS against the Sambar HTTP-Server Dennis Conrad (Oct 08)
- Re: Sample DOS against the Sambar HTTP-Server syz (Oct 09)
- Re: Sample DOS against the Sambar HTTP-Server Steve (Oct 06)
- <Possible follow-ups>
- Re: [Fwd: Truth about ssh 1.2.27 vulnerabiltiy] Dan Astoorian (Sep 30)
(Thread continues...)
- Re: [Fwd: Truth about ssh 1.2.27 vulnerabiltiy] Dan Astoorian (Oct 01)