Vigil@nce: FreeBSD, denial of service
September 2010 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
An attacker can create numerous process in order to stop the
kernel.
– Severity: 2/4
– Creation date: 10/09/2010
DESCRIPTION OF THE VULNERABILITY
The maxproc variable of the file /etc/login.conf defines the
per-user maximum number of simultaneous running process. The
kern.maxproc kernel variable defines the system-wide maximum
number of simultaneous running process.
However, when several users create simultaneously numerous
process, the number of concurring running process can exceed
kern.maxproc, stopping the kernel.
An attacker can therefore create numerous process in order to stop
the kernel.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/FreeBSD-denial-of-service-9919