Hi!

While playing with file allocation tables, I noticed that if a FAT volume (e.g. a floppy) with a looped allocation chain is read under Linux, the system stops responding and cannot be recovered to a working state without a hardware reboot.

This bug is not-so-useful for performing Denial-of-Service attacks (if an evildoer managed to put a floppy into your computer, why wouldn't he just press the power switch?), although he can leave a modified floppy on your desk. It is sufficient to just ls that floppy.

A sample exploit is at http://rainbow.mimuw.edu.pl/~ab171958/FAT.html#Linux

I tested this exploit on kernel versions 2.0.30, 2.0.31 and 2.0.32; it always works.

/-----------------------\ Hiroshima'45
| kilobyteat_private    | Chernobyl'86
\-----------------------/ Windows'95
http://rainbow.mimuw.edu.pl/~ab171958/
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:46:45 PDT
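
The check that keeps a FAT reader from spinning on a looped allocation chain, as an added example that is not part of the original post and not Linux kernel code: a chain can never be longer than the number of data clusters, so a bounded walk detects the loop. FAT12 is assumed because the post talks about floppies; the function names and both sample tables are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* FAT12 packs two 12-bit entries into three bytes; read entry n. */
static unsigned fat12_entry(const uint8_t *fat, unsigned n)
{
    unsigned off = n + n / 2;
    unsigned v = fat[off] | ((unsigned)fat[off + 1] << 8);
    return (n & 1) ? v >> 4 : v & 0x0FFF;
}

/* Follow a chain from `start`. nentries counts all FAT entries, including
 * reserved entries 0 and 1. Returns the chain length in clusters, -1 if the
 * chain loops, -2 if it reaches a free, reserved or out-of-range entry. */
int fat12_chain_length(const uint8_t *fat, unsigned nentries, unsigned start)
{
    unsigned cur = start, steps = 0;
    while (cur < 0xFF8) {                       /* 0xFF8..0xFFF end a chain */
        if (cur < 2 || cur >= nentries)
            return -2;
        if (++steps > nentries - 2)             /* more links than clusters */
            return -1;                          /* so some cluster repeats  */
        cur = fat12_entry(fat, cur);
    }
    return (int)steps;
}

/* Constructed 8-entry FATs (12 bytes each). Entries 0 and 1 are reserved.
 * SAMPLE_OK:     2 -> 3 -> 4 -> end of chain; entry 5 is free.
 * SAMPLE_LOOPED: 2 -> 3 -> 4 -> 2 (the looped chain from the post). */
const uint8_t SAMPLE_OK[12] = {
    0xF0, 0xFF, 0xFF,  0x03, 0x40, 0x00,  0xFF, 0x0F, 0x00,  0x00, 0x00, 0x00
};
const uint8_t SAMPLE_LOOPED[12] = {
    0xF0, 0xFF, 0xFF,  0x03, 0x40, 0x00,  0x02, 0x00, 0x00,  0x00, 0x00, 0x00
};

int main(void)
{
    printf("healthy chain: %d\n", fat12_chain_length(SAMPLE_OK, 8, 2));
    printf("looped chain:  %d\n", fat12_chain_length(SAMPLE_LOOPED, 8, 2));
    return 0;
}
```

A reader that applies this bound returns an error for the damaged volume instead of following the chain forever.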