Modified floppies can crash Linux

From: KiloByte (kilobyteat_private)
Date: Mon Mar 23 1998 - 07:39:45 PST

Next message: Miquel van Smoorenburg: "Re: An exploit for linux mh ver 6.8.4-5 ( update ) ..."

Previous message: David LeBlanc: "Re: RAS 'save password' problems..."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi!
While playing with file allocation tables, I noticed that if a FAT volume
(eg. a floppy) with looped allocation chain is being read under Linux, the
system stops responding and cannot be recovered to a working state without
a hardware rebooting.
This bug is not-so-useful for performing Denial-Of-Service attacks (if an
evildoer managed to put a floppy into your computer, why won't he just
press the power switch?), although he can leave a modified floppy on your
desk. It is sufficient to just ls that floppy.

Sample exploit is at http://rainbow.mimuw.edu.pl/~ab171958/FAT.html#Linux

I tested this exploit on kernel versions 2.0.30, 2.0.31 and 2.0.32, it
always works.

/-----------------------\ Hiroshima'45
| kilobyteat_private | Chernobyl'86
\-----------------------/ Windows'95
http://rainbow.mimuw.edu.pl/~ab171958/

Next message: Miquel van Smoorenburg: "Re: An exploit for linux mh ver 6.8.4-5 ( update ) ..."
Previous message: David LeBlanc: "Re: RAS 'save password' problems..."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:46:45 PDT