From: Adam Majer <adamm@galacticasoftware.com>
To: Wolfpaw - Dale Corse <admin-lists@wolfpaw.net>
Cc: linux-kernel@vger.kernel.org
Subject: Re: [grsec] Linux 2.4.27 SECURITY BUG - TCP Local (probable Remote) Denial of Service
Date: Sun, 12 Sep 2004 02:47:10 -0500 [thread overview]
Message-ID: <4143FEFE.7020800@galacticasoftware.com> (raw)
In-Reply-To: <004c01c49848$2608e180$0200a8c0@wolf>
Wolfpaw - Dale Corse wrote:
>Greetings,
>
> My apologies if this is to the wrong place - it happens to be the
>first kernel bug I have found (or what appears to be one), and I'm
>not entirely sure how to properly inform the Linux community about
>it.
>
>Anyway - on to the bug :)
>==========================
>Severity: HIGH
>Title: KERNEL: TCP Local (probable remote) Denial of Service
>Date: September 11, 2004
>
>
Actually, it seems that the sockets that are not closing properly are
the ones opened by your proof of concept code, *NOT* the server. The
servers (mysql and Apache), close their sockets properly. I could verify
this over a network. Locally, I got
tcp 0 0 192.168.53.2:41440 192.168.53.1:3306
TIME_WAIT
tcp 0 0 192.168.53.2:41442 192.168.53.1:3306
TIME_WAIT
tcp 0 0 192.168.53.2:41443 192.168.53.1:3306
TIME_WAIT
tcp 0 0 192.168.53.2:41452 192.168.53.1:3306
TIME_WAIT
tcp 0 0 192.168.53.2:41468 192.168.53.1:80
TIME_WAIT
tcp 0 0 192.168.53.2:41441 192.168.53.1:80
TIME_WAIT
tcp 0 0 192.168.53.2:41447 192.168.53.1:80
TIME_WAIT
tcp 0 0 192.168.53.2:41444 192.168.53.1:80 TIME
etc..
But on the server, only 1 or two ESTABISHED entries, nothing more.
I don't see much of a DOS, except maybe to DOS a localhost. And you can
do that already.
>The socket table looks like this while it is going on:
>
>http://www.ancients.org/LG.txt
>(it is 29,000+ lines, so I didn't put it here)
>
>
--
Building your applications one byte at a time
http://www.galacticasoftware.com
next prev parent reply other threads:[~2004-09-12 7:47 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2004-09-11 21:41 Linux 2.4.27 SECURITY BUG - TCP Local (probable Remote) Denial of Service Wolfpaw - Dale Corse
2004-09-12 1:12 ` David S. Miller
2004-09-12 7:47 ` Adam Majer [this message]
2004-09-12 12:46 ` [grsec] " Igmar Palsenberg
2004-09-14 9:00 ` Ivan Groenewald
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4143FEFE.7020800@galacticasoftware.com \
--to=adamm@galacticasoftware.com \
--cc=admin-lists@wolfpaw.net \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.