[Pkg-cryptsetup-devel] Bug#403075: cryptsetup luksOpen can kill
unrelated processes (out of memory killer)
Rob Walker
rob at tenfoot.org.uk
Thu Dec 14 13:46:33 UTC 2006
Package: cryptsetup
Version: 2:1.0.4-8
Severity: grave
Tags: security
Justification: user security hole
If I run cryptsetup luksOpen, giving it a file instead of a device, it tries
to allocate lots of memory, eventually triggering the oomkiller to kill
processes.
A normal user can do this, so this could be used for some kind of
denial of service attack: system performance will be impaired and processes of
other users may be killed. Hence the grave serverity.
To reproduce
# produce a dummy file
dd if=/dev/zero of=/tmp/foo bs=1k count=1024
# try to run cryptsetup
/sbin/cryptsetup luksOpen /tmp/foo /dev/mapper/_tmp_foo
The user will be prompted for a password. After entering it, the system
freezes until the oomkiller kills cryptsetup.
Regards
Rob
-- System Information:
Debian Release: 4.0
APT prefers testing
APT policy: (500, 'testing')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-3-686
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Versions of packages cryptsetup depends on:
ii dmsetup 2:1.02.08-1 The Linux Kernel Device Mapper use
ii libc6 2.3.6.ds1-8 GNU C Library: Shared libraries
ii libdevma 2:1.02.08-1 The Linux Kernel Device Mapper use
ii libgcryp 1.2.3-2 LGPL Crypto library - runtime libr
ii libgpg-e 1.4-1 library for common error values an
ii libpopt0 1.10-3 lib for parsing cmdline parameters
ii libuuid1 1.39+1.40-WIP-2006.11.14+dfsg-1 universally unique id library
cryptsetup recommends no packages.
-- no debconf information
More information about the pkg-cryptsetup-devel
mailing list