8333688 2002-04-23 23:11 +0200  /28 rader/  <enrico@wizards-of-source.org>
Sänt av: joel@lysator.liu.se
Importerad: 2002-04-23  23:36  av Brevbäraren
Extern mottagare: bugtraq@securityfocus.com
Mottagare: Bugtraq (import) <22027>
Ärende: Denial of Service in Mosix 1.5.x
------------------------------------------------------------
From: enrico@wizards-of-source.org
To: bugtraq@securityfocus.com
Message-ID: <Pine.LNX.4.44.0204232308260.9106-100000@phantom.h07.org>

Hi,

mosix and probalby open-Mosix are vulnerable to an Denial of Service
attack, the problem lies in the mosix-protocol-stack, mosix are not
able to handle garbage-packets correctly.

MosiX is an cluster-environment for Linux and is avail from
www.mosix.org also vulnerable is to this is the clumpOS-Mosix client
cd, the  clumpOS-Mosix Node has also no vnc password set so anyone in
the  cluster-network can gain root-access to the affected node. this
issue will  be fixed in the next clumpOS Version.

this has been succefully tested on mosix 1.5.7 and latest clumpOS with 
dfsa and mfs enabled.

fix:

disable mfs in kernel-configuration


www.h07.org
German Unix/Linux Developer Team
(8333688) / <enrico@wizards-of-source.org>/(Ombruten)