Bugtraq mailing list archives
Re: To kill a sun:
From: sink () CBL UMCES EDU (Robert Sink)
Date: Sun, 14 Dec 1997 15:28:57 -0500
It appears that sunkill.c does not have any appreciable affect on a Solaris 2.5.1 system when they are running the MIT Kerberos v5 1.0.4 suite of network authentication utilities (telnetd, rlogind, etc...) whether the machine is a sun4m machine on le0 (10Mb/s ethernet), a sun4u machine on hme0 (100Mb/s ethernet), or a Solarisx86 2.5.1 machine on de0 (10Mb/s ethernet). uname's below w/ patchlevels. The attack was mounted from a FreeBSD 2.2 machine which itself was on a 10Mb/s ethernet twisted pair connection. (I'm not sure network speed/interface is an issue here, however I'm including it to be as verbose as possible.) The code compiled with no errors and appeared to run as 'designed'. On the target machines, there appeared to be no effect, including high loads, excessive memory usage and no complaints in system log files etc... I was able to telnet/rlogin to the target machines both during and immediately after the attack with no appreciable delay. Whether or not this is a direct result of the Kerberos v5 1.0.4 binaries being in place of the stock Solaris binaries or some function of patchlevel is (for me) inconclusive at this point in time as I was not prepared to test attack against the stock binaries. SunOS xxx 5.5.1 Generic_103640-09 sun4u sparc SunOS xxx 5.5.1 Generic_103640-09 sun4m sparc SunOS xxx 5.5.1 Generic_103641-12 i86pc i386 -- Robert Sink - Asst. Dept. Head - Computer/Network Services Univ. of Maryland Chesapeake Biological Laboratory - Solomons, MD. [o] 410/326-7306 On Dec 13, Jason Zapman II (zapman () CC GATECH EDU) wrote:
This is sunkill.c It Affects at least solaris 2.5.1 machines, both sun4c and sun4m achitecutures. I imagine it affects all solaris 2.5.1 machines, both sparc and x86, but im not sure. It basically works by opening a telnet connection on the victim machine and sends a few bad telnet negotiation options, then flooods the port with lots of ^D characters. This uses all the streams memory (i think) on the victims machine and causes the kernel to get very angry. The machien crawls to a halt, the cursor in X stops moving, the machine is unresponsive to the network. Its a bad situation all around.
Current thread:
- To kill a sun: Jason Zapman II (Dec 13)
- SunOS4.1.4 another tmpfs bug YAMAMORI Takenori (Dec 12)
- Re: To kill a sun: David LeBlanc (Dec 13)
- Re: To kill a sun: James Lockwood (Dec 14)
- Vulnerabilities in ICQ Alan Cox (Dec 14)
- Re: Vulnerabilities in ICQ Seth McGann (Dec 14)
- Re: Vulnerabilities in ICQ Solar Designer (Dec 16)
- Re: Vulnerabilities in ICQ Arik Vardi (Dec 15)
- Re: Vulnerabilities in ICQ Seth McGann (Dec 14)
- Sun killer - NT port Aleph One (Dec 14)
- Re: To kill a sun: Craig Johnston (Dec 14)
- <Possible follow-ups>
- Re: To kill a sun: Robert Sink (Dec 14)
- Re: To kill a sun: Darren Reed (Dec 14)
- Re: To kill a sun: Paul Nash (Dec 15)