DoS program/bug .
Posted on 2006-04-13
Hello, i have a program that was used to bypass my security stuff. I am running freebsd 5.4 pl13. it is a shell server. the exploit creates like 400.000 files. each 1000 files have the SAME inode. i don't know how this is possible but maybe you can help me out on this. The idea is that when periodic tasks run ... like updatedb, or security or whatever uses find/locate command, server reboots. i think the issue is because the files have the same inodes, and they are a lot ...
the files look like this you can see the inode in the left side, that it is the same
1319375 -rw------- 30000 user users 0 Apr 10 23:31 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx075
1319375 -rw------- 30000 user users 0 Apr 10 23:31 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx076
1319375 -rw------- 30000 user users 0 Apr 10 23:31 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx077
Now, i tried to decompile, and i think i got the procedures in assembly. the file is relative small. 6667 bytes ...
here is what i got. all procedures are here. is it assembly ? could you please tell me what the script does ? because i have quota enabled, and limitations for files and disk space, but with this proggie, 400000 files were using 400 inodes. because each 1000 had the same inode. need help pls
<Code Removed by Request> Paul Caswell