Re: Local DoS on network by unprivileged user using setsockopt()

From: Dylan Griffiths (Dylan_Gat_private)
Date: Wed Sep 08 1999 - 19:49:17 PDT


> Has anyone verified whether other non BSD-OSes are vulnerable?
> Specifically, Linux 2.0.x (or any pre-2.2.9) releases?

I just spent some time testing the exploit against Linux 2.2.6, and 2.2.9 w/
Andrea's Buffer-C patch.  The machine had 128 MB of RAM, 128 MB of swap, and a
K6-2 266 MHz CPU (the other machine I couldn't DoS had a 200 MHz Pentium w/
MMX and login resource restrictions).

The results are mixed.  When I first tested with 2.2.6, I did get a DoS.
The DoS went away when I updated the System.map file to be accurate.  After
some experimentation, it seems that it's more of a hit-and-miss situation (I
could DoS with valid/invalid System.map files).  Sometimes it would DoS
(looping about 290 to 300 times, pausing a second, then looping 20 more
times, and then causing out-of-memory situations), and sometimes it wouldn't
loop enough (and the kernel would reclaim the resources).  This seems to be
a well-hidden race in the Linux kernel, and both 2.2.6 and 2.2.9 (with the
patch) were affected.

The system I tested it on did not have login resource limits enforced, so
I'm assuming a good login resource policy would stop the DoS on at least the
2.2.x series (and possibly the 2.0.x series).  I've no idea if this will
affect the 2.3.x series.
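The post's mitigation is a per-login resource policy, which on Linux is set through pam_limits and /etc/security/limits.conf. The script below is an added example (not from the post or any project) that resolves which hard limit a login would actually receive from such a file, following pam_limits precedence (user entry over @group entry over the "*" default), and flags logins left without a finite nproc or address-space cap. The limits.conf contents are constructed sample data; the script checks the policy the post assumes would contain the DoS, it does not verify that assumption.

```shell
#!/bin/sh
# Added example: resolve the hard limit pam_limits would apply to a login.
# The limits file below is a constructed sample, not a real system's config.
SAMPLE_LIMITS="$(mktemp)"
trap 'rm -f "$SAMPLE_LIMITS"' EXIT
cat > "$SAMPLE_LIMITS" <<'EOF'
# constructed sample /etc/security/limits.conf
# <domain>  <type>  <item>  <value>
*         hard    nproc   150
*         hard    as      unlimited
@staff    hard    as      262144
bob       hard    nproc   40
bob       -       as      131072
EOF

# effective_hard_limit FILE USER GROUP ITEM
# Prints the hard limit for ITEM that applies to USER (a member of GROUP),
# using pam_limits precedence: a user entry beats a @group entry, which
# beats the "*" default. A "-" type sets soft and hard, so it counts as
# hard. Prints "unset" when no entry matches.
effective_hard_limit() {
  awk -v user="$2" -v grp="@$3" -v item="$4" '
    /^[[:space:]]*(#|$)/ { next }          # skip comments and blank lines
    NF < 4 || $3 != item { next }          # wrong shape or a different item
    $2 != "hard" && $2 != "-" { next }     # soft-only entries do not cap the user
    {
      rank = ($1 == user) ? 3 : ($1 == grp) ? 2 : ($1 == "*") ? 1 : 0
      if (rank > best) { best = rank; val = $4 }
    }
    END { print (best ? val : "unset") }' "$1"
}

# report_login FILE USER GROUP: flag logins with no finite process-count or
# address-space cap, i.e. no policy of the kind the post expects to help.
report_login() {
  for item in nproc as; do
    v="$(effective_hard_limit "$1" "$2" "$3" "$item")"
    case "$v" in
      unset|unlimited) echo "$2: no hard $item limit ($v)" ;;
      *)               echo "$2: hard $item = $v" ;;
    esac
  done
}

report_login "$SAMPLE_LIMITS" alice users
report_login "$SAMPLE_LIMITS" bob staff
```

Run it against the real file by pointing `report_login` at /etc/security/limits.conf; an entry applies only when the login goes through a PAM stack that loads pam_limits.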

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:02:55 PDT