Bugtraq mailing list archives
Re: Solaris Ping bug (DoS)
From: wgkempf () 2access com (Will Kempf)
Date: Fri, 27 Jun 1997 11:33:23 -0500
Not quite -- I have a Solaris 2.5.1 system which panics, but does not have the multicast routing enabled. (Disabled as suggested below.)

Philip Kizer wrote:

Adam Caldwell <adam () ATL ENI NET> wrote:

I briefly searched the bugtraq archives and didn't see this one, so here's a way to reboot a Solaris box, and is exploitable by anyone with an account on the system since ping is setuid root.

For those with access, Sun seems to have Bug Id: 1226919 open on the issue.

ping -sv -i 127.0.0.1 224.0.0.1

On solaris 2.5, causes the machine to reboot (personal experience). I've had independent reports of it crashing 2.5.1, and 2.5 (x86). It probably works on all versions of Solaris.

To "fix" the denial of service:

chmod go-x /usr/sbin/ping

if you don't mind disabling Ping on your system.

In my quick testing, it seems that there is another workaround if:

1: You do not require multicast support, and
2: Have the opportunity to reboot your machine.

Just comment out the "route add 224.0.0.0 ..." in /etc/init.d/inetsvc and reboot. Even just doing the 'route delete 224.0.0.0 ...' still allowed the panic.

_________________________________________________________ Philip Kizer ______ pckizer () nostrum com
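
A check for the two workarounds discussed in this thread, as an added example that is not part of any poster's message or of Sun's tooling. The function names and the `--run` switch are hypothetical, the default paths are the ones named in the thread, and the pattern for the multicast route line is assumed from the quoted "route add 224.0.0.0 ..." text.

```sh
#!/bin/sh
# Added example (not from the thread): audit the two workarounds it discusses.
# Function names are hypothetical; default paths are the ones named in the thread.

# Return 0 if FILE is setuid and still executable by group or other,
# i.e. "chmod go-x" has not been applied; 1 if restricted; 2 if missing.
ping_exposed() {
    f=$1
    [ -f "$f" ] || return 2
    [ -n "$(find "$f" -prune -perm -4000 -print)" ] || return 1
    [ -n "$(find "$f" -prune \( -perm -0010 -o -perm -0001 \) -print)" ]
}

# Return 0 if FILE still has an uncommented "route add ... 224.0.0.0" line.
# Text after '#' is dropped first, so commented-out lines do not match.
mcast_route_enabled() {
    sed 's/#.*//' "$1" | grep -Eq 'route[[:space:]]+add.*224\.0\.0\.0'
}

# Print a short report; the exit status reflects only the ping permissions.
audit() {
    ping_bin=${1:-/usr/sbin/ping}
    inetsvc=${2:-/etc/init.d/inetsvc}
    rc=0
    if ping_exposed "$ping_bin"; then
        echo "EXPOSED: $ping_bin is setuid and executable by group/other"
        rc=1
    else
        echo "ok: $ping_bin is missing, not setuid, or restricted to its owner"
    fi
    # Informational only: the reply above reports a panic with this route disabled.
    if [ -r "$inetsvc" ] && mcast_route_enabled "$inetsvc"; then
        echo "note: $inetsvc still adds the 224.0.0.0 multicast route"
    fi
    return $rc
}

# Run the audit only when asked, so the functions can also be sourced.
if [ "${1:-}" = "--run" ]; then shift; audit "$@"; fi
```

Invoked with `--run`, it checks the default paths; two further arguments override the ping binary and the init script.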