The following is from BUGTRAQ. There's a fix for -stable, though there is none for -current. Is -current vulnerable?

Regards,                       Phone:  (250)387-8437
Cy Schubert                      Fax:  (250)387-5766
Open Systems Group          Internet:  [EMAIL PROTECTED]
ITSD                                   [EMAIL PROTECTED]
Province of BC
                      "e**(i*pi)+1=0"

------- Forwarded Message

Date: Fri, 24 Sep 1999 17:02:25 +0300 (EEST)
From: Adrian Penisoara <[EMAIL PROTECTED]>
To: "Charles M. Hannum" <[EMAIL PROTECTED]>
Cc: [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: Re: FreeBSD-specific denial of service

Hi,

On Tue, 21 Sep 1999, Charles M. Hannum wrote:

> [Resending once, since it's been 10.5 days...]
>
> Here's an interesting denial-of-service attack against FreeBSD >=3.0
> systems. It abuses a flaw in the `new' FreeBSD vfs_cache.c; it has no
> way to purge entries unless the `vnode' (e.g. the file) they point to
> is removed from memory -- which generally doesn't happen unless a
> certain magic number of `vnodes' is in use, and never happens when the
> `vnode' (i.e. file) is open. Thus it's possible to chew up an
> arbitrary amount of wired kernel memory relatively simply.
>

Seems to be fixed in CVS version 1.38.2.3 of vfs_cache.c for RELENG_3 branch (meaning 3.3-STABLE) -- could you please check again?

Commit log:

  Limit aliases to a vnode in the namecache to a sysctl tunable
  'vfs.cache.maxaliases'. This protects against a DoS via thousands of
  hardlinks to a file wiring down all kernel memory.

Ady (@freebsd.ady.ro)

To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-security" in the body of the message

------- End of Forwarded Message

To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-current" in the body of the message
Re: FreeBSD-specific denial of service
Cy Schubert - ITSD Open Systems Group Fri, 24 Sep 1999 06:42:21 -0700
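
The effect of the per-vnode alias limit described in the commit log, as an added example: a user-space toy model, not FreeBSD's vfs_cache.c and not code from this thread. The struct names, the `simulate` helper and the evict-oldest policy are assumptions; the thread only states that aliases are limited by `vfs.cache.maxaliases`.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Toy model (hypothetical names): one vnode and the cached names pointing at it. */
struct alias { char name[32]; struct alias *next; };
struct vnode { struct alias *head, *tail; unsigned naliases; };
static unsigned maxaliases;   /* stand-in for vfs.cache.maxaliases; 0 = no limit */
static size_t cache_bytes;    /* memory currently pinned by cache entries */

static void evict_oldest(struct vnode *vp) {
    struct alias *a = vp->head;
    if (a == NULL) return;
    if ((vp->head = a->next) == NULL) vp->tail = NULL;
    vp->naliases--;
    cache_bytes -= sizeof(*a);
    free(a);
}

/* Cache one more name for vp; returns 0 on success, -1 if allocation fails. */
static int cache_enter(struct vnode *vp, const char *name) {
    struct alias *a = calloc(1, sizeof(*a));
    if (a == NULL) return -1;
    strncpy(a->name, name, sizeof(a->name) - 1);
    /* Assumed policy: once the cap is reached, drop the oldest alias first. */
    while (maxaliases != 0 && vp->naliases >= maxaliases) evict_oldest(vp);
    if (vp->tail) vp->tail->next = a; else vp->head = a;
    vp->tail = a; vp->naliases++;
    cache_bytes += sizeof(*a);
    return 0;
}

/* Enter nlinks names for a single open file; return bytes the cache still holds. */
static size_t simulate(unsigned limit, unsigned nlinks) {
    struct vnode vp = {0};
    char name[32];
    maxaliases = limit; cache_bytes = 0;
    for (unsigned i = 0; i < nlinks; i++) {
        snprintf(name, sizeof(name), "link%u", i);
        if (cache_enter(&vp, name) != 0) break;
    }
    size_t held = cache_bytes;
    while (vp.head) evict_oldest(&vp);   /* clean up the model */
    return held;
}
int main(void) {
    printf("no limit: %zu bytes, limit 4: %zu bytes\n", simulate(0, 10000), simulate(4, 10000));
    return 0;
}
```

Without a cap the memory held grows linearly with the number of names entered for the one file; with a cap it stays constant regardless of how many links exist.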