Denial of Service in Mosix 1.5.x

From: enrico@wizards-of-source.org
Date: Tue Apr 23 2002 - 14:11:54 PDT

Next message: Replugge [ROD]: "More Cross site Scripting in PHPNuke"

Previous message: Steve Gustin: "CGIscript.net - csMailto.cgi - Remote Command Execution"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi,

mosix and probalby open-Mosix are vulnerable to an Denial of Service 
attack, the problem lies in the mosix-protocol-stack, mosix are not able
to handle garbage-packets correctly.

MosiX is an cluster-environment for Linux and is avail from www.mosix.org
also vulnerable is to this is the clumpOS-Mosix client cd, the 
clumpOS-Mosix Node has also no vnc password set so anyone in the 
cluster-network can gain root-access to the affected node. this issue will 
be fixed in the next clumpOS Version.

this has been succefully tested on mosix 1.5.7 and latest clumpOS with 
dfsa and mfs enabled.

fix:

disable mfs in kernel-configuration


www.h07.org
German Unix/Linux Developer Team

Next message: Replugge [ROD]: "More Cross site Scripting in PHPNuke"
Previous message: Steve Gustin: "CGIscript.net - csMailto.cgi - Remote Command Execution"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Apr 23 2002 - 14:30:58 PDT