1365 : NetBSD cpu-hog Local System Call DoS
Printer | http://osvdb.org/1365 | Email This | Edit Vulnerability

Views This Week

Views All Time

Info

Last Modified

10 months ago

Percent Complete

100%

Disclosure

May 28, 2000

Discovery

Unknown

Dates

Exploit

May 28, 2000

Solution

Unknown

Description

NetBSD contains a flaw that may allow a local denial of service. The issue is triggered when a malicious user tricks a system call into running for an extended period of time, and will result in loss of availability for the platform.

Classification

Location: Local Access Required
Attack Type: Denial of Service
Impact: Loss of Availability
Exploit: Exploit Available
Disclosure: OSVDB Verified

Technical

Processes runnning in the NetBSD kernel cannot be terminated by SIGHUP, SIGKILL or any other terminating signal and must yield the CPU voluntarily. Therefore, certain system calls can execute for an extended period of time in the kernel without yielding.

Two examples of this are a read from "/dev/zero" and a call to ktrace that could use large amounts of kernel memory when tracing large I/O's.

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, NetBSD has released a patch to address this vulnerability.

Products

NetBSD Foundation, Inc.	NetBSD	0.x
		1.0.x
		1.1.x
		1.2.x
		1.3.x
		1.4
		1.4.1
		1.4.2

References

Bugtraq ID: 1272
CVE ID: 2000-0456 (see also: NVD)
Vendor Specific Advisory URL: ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2000-005.txt.asc

Credit

Artur Grabowski - artstacken.kth.se -

Blogs

Provided by Technorati

None found at this time

Comments

Add Comment Hide Add Comment

No Comments.

DONATE NOW!

User Status

Account
- Login
- Sign-Up

Quick Searches

Views This Week

Views All Time

Info

Last Modified

Percent Complete

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Technical

Solution

Products

NetBSD Foundation, Inc.

NetBSD

References

Credit

Blogs

Comments