DESCRIPTION
A local denial-of-service condition exists in Linux kernels up to and including 2.2.14. The kernel does not honour the socket buffer limit set in /proc/sys/net/core/wmem_max for unix domain sockets, so a local user who creates a large number of unix domain socket connections can exhaust the kernel memory available for unix domain sockets. Services that depend on unix domain sockets, including networking and the X server, may then stop functioning.

SOLUTION
A kernel patch is available from Alan Cox and will be incorporated into the 2.2.15 Linux kernel:
http://www.kernel.org/pub/linux/kernel/people/alan/2.2.15pre/pre-patch-2.2.15-16.gz

REFERENCES
Reported to Bugtraq on March 23, 2000 by Jay Fenlason.
http://www.securityfocus.com/vdb/bottom.html?vid=1072
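As an added check (not part of the original advisory or of Alan Cox's patch), the following C program measures whether the running kernel enforces a send-buffer limit on a unix domain stream socket: it fills one non-blocking AF_UNIX socket while nobody reads the other end and reports how much data the kernel accepted before returning EAGAIN. A kernel with the behaviour described above would keep accepting writes; a fixed kernel refuses them near SO_SNDBUF. The 4096-byte payload is constructed, the 4x slack factor and the 212992-byte fallback are assumptions, and the 64 MiB hard cap is there so the probe itself cannot exhaust socket memory.

```c
/* Added check, not from the original advisory: does this kernel bound the
 * data a local user can park in an AF_UNIX stream socket? */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

#define HARD_CAP (64L * 1024 * 1024)   /* stop here and report "unbounded" */

struct unix_buf_report {
    long wmem_max;   /* /proc/sys/net/core/wmem_max, -1 if unreadable */
    long sndbuf;     /* SO_SNDBUF of the writer, -1 on error */
    long rcvbuf;     /* SO_RCVBUF of the reader, -1 on error */
    long buffered;   /* payload bytes accepted before EAGAIN */
    int  bounded;    /* 1 if buffered stayed within a few buffer sizes */
};

static long read_sysctl_long(const char *path)
{
    FILE *f = fopen(path, "r");
    long v = -1;
    if (!f)
        return -1;
    if (fscanf(f, "%ld", &v) != 1)
        v = -1;
    fclose(f);
    return v;
}

static long sockopt_int(int fd, int opt)
{
    int v = 0;
    socklen_t len = sizeof v;
    if (getsockopt(fd, SOL_SOCKET, opt, &v, &len) != 0)
        return -1;
    return v;
}

/* Fill one AF_UNIX stream socket with no reader on the peer and measure how
 * much the kernel accepts before it applies back-pressure. */
struct unix_buf_report probe_unix_stream_limit(void)
{
    struct unix_buf_report r = { -1, -1, -1, 0, 0 };
    static char chunk[4096];   /* constructed payload; contents irrelevant */
    int sv[2];
    long bound;

    r.wmem_max = read_sysctl_long("/proc/sys/net/core/wmem_max");

    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) {
        perror("socketpair");
        return r;
    }
    /* Non-blocking writer: a full buffer must show up as EAGAIN, not a hang. */
    if (fcntl(sv[0], F_SETFL, fcntl(sv[0], F_GETFL) | O_NONBLOCK) != 0) {
        perror("fcntl");
        close(sv[0]);
        close(sv[1]);
        return r;
    }
    r.sndbuf = sockopt_int(sv[0], SO_SNDBUF);
    r.rcvbuf = sockopt_int(sv[1], SO_RCVBUF);

    memset(chunk, 'A', sizeof chunk);
    while (r.buffered < HARD_CAP) {
        ssize_t n = write(sv[0], chunk, sizeof chunk);
        if (n > 0) {
            r.buffered += n;
            continue;
        }
        if (n < 0 && errno == EINTR)
            continue;
        break;   /* EAGAIN (limit enforced) or another error: stop measuring */
    }
    close(sv[0]);
    close(sv[1]);

    /* Linux charges unix stream data to the sender's SO_SNDBUF; some kernels
     * and sandboxes cap on the receiver's SO_RCVBUF instead.  The 4x slack
     * (assumed) covers per-skb overhead; unbounded behaviour is far beyond it. */
    bound = r.sndbuf > r.rcvbuf ? r.sndbuf : r.rcvbuf;
    if (bound <= 0)
        bound = 212992;   /* assumed fallback: the usual Linux wmem_default */
    r.bounded = (r.buffered > 0 && r.buffered <= 4 * bound) ? 1 : 0;
    return r;
}

int main(void)
{
    struct unix_buf_report r = probe_unix_stream_limit();
    printf("wmem_max=%ld sndbuf=%ld rcvbuf=%ld buffered=%ld -> %s\n",
           r.wmem_max, r.sndbuf, r.rcvbuf, r.buffered,
           r.bounded ? "limit enforced" : "NOT bounded");
    return r.bounded ? 0 : 1;
}
```

Build with `cc -o unixbuf unixbuf.c` and run as an unprivileged user; exit status 0 means the kernel stopped the writes near the socket's send buffer, which is the behaviour the 2.2.15 patch restores. Multiply the reported per-socket figure by the process's open-file limit to see the worst case a single local process can pin even on a fixed kernel, which is what wmem_max exists to tune.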