From owner-freebsd-security Sat Sep 25 8:56:53 1999 Delivered-To: freebsd-security@freebsd.org Received: from point.osg.gov.bc.ca (point.osg.gov.bc.ca [142.32.102.44]) by hub.freebsd.org (Postfix) with ESMTP id DEFF414E5A for ; Sat, 25 Sep 1999 08:55:28 -0700 (PDT) (envelope-from Cy.Schubert@uumail.gov.bc.ca) Received: (from daemon@localhost) by point.osg.gov.bc.ca (8.8.7/8.8.8) id IAA08613 for ; Sat, 25 Sep 1999 08:55:27 -0700 Received: from passer.osg.gov.bc.ca(142.32.110.29) via SMTP by point.osg.gov.bc.ca, id smtpda08611; Sat Sep 25 08:55:15 1999 Received: (from uucp@localhost) by passer.osg.gov.bc.ca (8.9.3/8.9.1) id IAA02103; Sat, 25 Sep 1999 08:53:45 -0700 (PDT) Message-Id: <199909251553.IAA02103@passer.osg.gov.bc.ca> Received: from localhost.osg.gov.bc.ca(127.0.0.1), claiming to be "passer.osg.gov.bc.ca" via SMTP by localhost.osg.gov.bc.ca, id smtpdPy2093; Sat Sep 25 08:52:56 1999 X-Mailer: exmh version 2.0.2 2/24/98 Reply-To: Cy Schubert - ITSD Open Systems Group From: Cy Schubert - ITSD Open Systems Group X-OS: FreeBSD 3.3-RELEASE X-Sender: cy To: Fernando Schapachnik Cc: freebsd-security@FreeBSD.ORG Subject: Re: FreeBSD-specific denial of service (fwd) In-reply-to: Your message of "Fri, 24 Sep 1999 12:14:46 -0300." <199909241514.MAA15064@ns1.sminter.com.ar> Mime-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: quoted-printable Date: Sat, 25 Sep 1999 08:52:56 -0700 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org In message <199909241514.MAA15064@ns1.sminter.com.ar>, Fernando = Schapachnik wri tes: > Anyone has a patch for this? > = > Regards. > = > ----- Forwarded message from Charles M. Hannum ----- > = > >From owner-bugtraq@SECURITYFOCUS.COM Wed Sep 22 14:55:30 1999 > Approved-By: aleph1@SECURITYFOCUS.COM > Delivered-To: bugtraq@lists.securityfocus.com > Delivered-To: bugtraq@securityfocus.com > Message-ID: <199909211950.PAA09009@bill-the-cat.mit.edu> > Date: Tue, 21 Sep 1999 15:50:58 -0400 > Reply-To: "Charles M. Hannum" > Sender: Bugtraq List > From: "Charles M. Hannum" > Subject: FreeBSD-specific denial of service > X-To: bugtraq@securityfocus.com > To: BUGTRAQ@SECURITYFOCUS.COM > = > [Resending once, since it's been 10.5 days...] > = > Here's an interesting denial-of-service attack against FreeBSD >=3D3.0 > systems. It abuses a flaw in the `new' FreeBSD vfs_cache.c; it has no > way to purge entries unless the `vnode' (e.g. the file) they point to > is removed from memory -- which generally doesn't happen unless a > certain magic number of `vnodes' is in use, and never happens when the > `vnode' (i.e. file) is open. Thus it's possible to chew up an > arbitrary amount of wired kernel memory relatively simply. [exploit code deleted -- see previous post] This has been fixed in 3.3 and I've tested it. No crash even while = running some other memory intensive work on the box. Regards, Phone: (250)387-8437 Cy Schubert Fax: (250)387-5766 Open Systems Group Internet: Cy.Schubert@uumail.gov.bc.ca ITSD Cy.Schubert@gems8.gov.bc.ca Province of BC "e**(i*pi)+1=3D0" To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message