Bugtraq mailing list archives

Re: Solaris Ping bug (DoS)


From: wgkempf () 2access com (Will Kempf)
Date: Fri, 27 Jun 1997 11:33:23 -0500


Not quite -- I have a Solaris 2.5.1 system which panics, but does not
have the multicast routing enabled. (Disabled as suggested below.)

Philip Kizer wrote:

Adam Caldwell <adam () ATL ENI NET> wrote:
I briefly searched the bugtraq archives and didn't see this one, so here's a
way to reboot a Solaris box, and is exploitable by anyone with an account on
the system since ping is setuid root.

For those with access, Sun seems to have Bug Id: 1226919 open on the issue.

ping -sv -i 127.0.0.1 224.0.0.1

On solaris 2.5, causes the machine to reboot (personal experience). I've
had independent reports of it crashing 2.5.1, and 2.5 (x86). It probably works
on all versions of Solaris.

To "fix" the denial of service:
chmod go-x /usr/sbin/ping
if you don't mind disabling Ping on your system.

In my quick testing, it seems that there is another workaround if:

  1: You do not require multicast support, and
  2: Have the opportunity to reboot your machine.

Just comment out the "route add 224.0.0.0 ..." in /etc/init.d/inetsvc and
reboot. Even just doing the 'route delete 224.0.0.0 ...' still allowed the
panic.

_________________________________________________________ Philip Kizer ______

pckizer () nostrum com
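
A check for the two workarounds quoted in this message, added here as an example and not part of the thread. The function names are hypothetical, and the pattern used to find the multicast route line is an assumption, since the thread elides the rest of that line.

```sh
#!/bin/sh
# Added example, not from the thread. Default paths are the ones the posters
# name; pass other paths to run the checks against copies.

# 0 = group/other cannot execute FILE (the "chmod go-x" state), 1 = they can,
# 2 = FILE is missing.
ping_exec_restricted() {
    [ -f "$1" ] || return 2
    mode=$(ls -ld "$1" | cut -c1-10)          # e.g. -r-sr-xr-x
    case "$(printf '%s' "$mode" | cut -c7)" in x|s) return 1 ;; esac
    case "$(printf '%s' "$mode" | cut -c10)" in x|t) return 1 ;; esac
    return 0
}

# 0 = FILE has no active "route add ... 224.0.0.0" line, 1 = it has one,
# 2 = FILE is missing. Only whole-line comments are treated as disabled.
# The regular expression is an assumption about how the line is written.
mcast_route_disabled() {
    [ -f "$1" ] || return 2
    if sed 's/^[[:space:]]*#.*//' "$1" |
        grep -E 'route[[:space:]]+add.*224\.0\.0\.0' >/dev/null; then
        return 1
    fi
    return 0
}

# Prints one line per check and returns the number of checks that did not pass.
audit() {
    ping_bin=${1:-/usr/sbin/ping}
    inetsvc=${2:-/etc/init.d/inetsvc}
    findings=0
    if ping_exec_restricted "$ping_bin"; then
        echo "OK    $ping_bin: not executable by group/other"
    else
        echo "CHECK $ping_bin: executable by group/other, or missing"
        findings=$((findings + 1))
    fi
    # The reply at the top of the thread reports a panic even with multicast
    # routing disabled, so this result is informational rather than a fix.
    if mcast_route_disabled "$inetsvc"; then
        echo "OK    $inetsvc: no active multicast route line"
    else
        echo "CHECK $inetsvc: multicast route line active, or file missing"
        findings=$((findings + 1))
    fi
    return "$findings"
}
```

Source the file and call `audit` with no arguments to check the paths named in the thread.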


