Bugtraq mailing list archives
Re: FreeBSD-specific denial of service
From: bfischer () TECHFAK UNI-BIELEFELD DE (Bjoern Fischer)
Date: Fri, 24 Sep 1999 10:06:44 +0200
On Tue, Sep 21, 1999 at 03:50:58PM -0400, Charles M. Hannum wrote:
Here's an interesting denial-of-service attack against FreeBSD >=3.0 systems. It abuses a flaw in the `new' FreeBSD vfs_cache.c; it has no way to purge entries unless the `vnode' (e.g. the file) they point to is removed from memory -- which generally doesn't happen unless a certain magic number of `vnodes' is in use, and never happens when the `vnode' (i.e. file) is open. Thus it's possible to chew up an arbitrary amount of wired kernel memory relatively simply.
This has been addressed and was fixed in src/sys/kern/vfs_cache.c revision 1.38.2.3 before releasing the latest stable FreeBSD-3.3: A tunable sysctl knob `vfs.cache.maxaliases' which defaults to 4 limits the number of cache aliases to a vnode. Björn Fischer -- (sig_t*)NULL <!-- attachment="bin0a27613" --> <HR> <UL> <LI>application/pgp-signature attachment: stored </UL>
Current thread:
- Re: fixing all buffer overflows --- random magin numbers nm (Sep 12)
- Re: fixing all buffer overflows --- random magin numbers Crispin Cowan (Sep 13)
- Re: fixing all buffer overflows --- random magin numbers Oliver Xymoron (Sep 17)
- Exploit for proftpd 1.2.0pre6 Tymm Twillman (Sep 20)
- Re: fixing all buffer overflows --- random magin numbers Crispin Cowan (Sep 20)
- BP9909-00: cfingerd local buffer overflow Przemyslaw Frasunek (Sep 21)
- Windows IP source routing attack Dug Song (Sep 21)
- FreeBSD-specific denial of service Charles M. Hannum (Sep 21)
- Re: FreeBSD-specific denial of service Alan Cox (Sep 22)
- Re: FreeBSD-specific denial of service Bjoern Fischer (Sep 24)
- Re: fixing all buffer overflows --- random magin numbers Oliver Xymoron (Sep 17)
- Re: fixing all buffer overflows --- random magin numbers Crispin Cowan (Sep 13)