![[LWN Logo]](/images/lcorner.png)
![[LWN.net]](/images/Included.png)
|
|
|
|
From: enrico@wizards-of-source.org To: bugtraq@securityfocus.com Subject: Denial of Service in Mosix 1.5.x Date: Tue, 23 Apr 2002 23:11:54 +0200 (CEST) Hi, mosix and probalby open-Mosix are vulnerable to an Denial of Service attack, the problem lies in the mosix-protocol-stack, mosix are not able to handle garbage-packets correctly. MosiX is an cluster-environment for Linux and is avail from www.mosix.org also vulnerable is to this is the clumpOS-Mosix client cd, the clumpOS-Mosix Node has also no vnc password set so anyone in the cluster-network can gain root-access to the affected node. this issue will be fixed in the next clumpOS Version. this has been succefully tested on mosix 1.5.7 and latest clumpOS with dfsa and mfs enabled. fix: disable mfs in kernel-configuration www.h07.org German Unix/Linux Developer Team