http://linuxreviews.org/news/2004-06-11_kernel_crash/index.html#toc6
The threat ----------
Using this exploit to crash Linux systems requires the (ab)user to have shell access or other means of uploading and running the program (like cgi-bin and FTP access). The program works on any normal user account, root access is not required. This exploit has been reported used to take down several "lame free-shell providers" servers (running code you know will damage a system intentionally and hacking in general is illegal in most parts of the world and strongly discouraged).
This code only works on x86 Linux machines.
[snip]
The Crashing Kernels ---------------------
Minor numbers are versions verified, this is just the top the iceberg:
* Linux 2.6.x
o 2.6.7-rc2
o 2.6.6 (vanilla)
o 2.6.6-rc1 SMP (varified by blaise)
o 2.6.6 SMP (verified by riven)
o 2.6.5-gentoo (verified by RatiX)
o 2.6.5-mm6 - (verified by Mariux)
o 2.6.5 (fedora core 2 vanilla)
o 2.6.3-13mdk (Mandrake)
* Linux 2.4.2x
o 2.4.26 vanilla
o 2.4.26, grsecurity 2.0 config
o 2.4.26-rc1 vanilla
o 2.4.26-gentoo-r1
o 2.4.22
o 2.4.22-1.2188 Fedora FC1 Kernel
o 2.4.20 RH7.3 (gcc 2.96)
o 2.4.18-bf2.4 (debian woody vanilla)Even grsecurity-patched kernels crash. "I would have hoped that grsec would have blocked or logged something, but nothing appeared in the logs." Vincent
Discussion about this on the Linux Kernel mailing list http://marc.theaimsgroup.com/?l=linux-kernel&m=108681568931323&w=2
-- / \__ ( @\___ Raj Shekhar / O My home : http://geocities.com/lunatech3007/ / (_____/ My blog : http://lunatech.journalspace.com/ /_____/ U
_______________________________________________ ilugd mailinglist -- [EMAIL PROTECTED] http://frodo.hserus.net/mailman/listinfo/ilugd Archives at: http://news.gmane.org/gmane.user-groups.linux.delhi http://www.mail-archive.com/[EMAIL PROTECTED]/
