Bugtraq mailing list archives
Solaris ping exploit
From: secure () SUNSC ENG SUN COM (Sun Security Coordination Team)
Date: Mon, 30 Jun 1997 15:23:54 -0700
-----BEGIN PGP SIGNED MESSAGE----- Several people have made comments on how one can panic a Solaris system using ping, and on how to protect one's system from this exploit. Thanks to those who contributed to the dialogue and subsequent solutions. Sun is developing patches for Solaris 2.3 to 2.5.1 to fix this. The latest version of Solaris 2.6 has been fixed and SunOS 4.1.3_U1 and 4.1.4 are not affected. Sun will announce these patches in an upcoming Security Bulletin soon. As a temporary workaround, Sun strongly recommends that all affected systems be protected by executing the following command as root: /usr/sbin/ndd -set /dev/ip ip_respond_to_echo_broadcast 0 and add the statement to /etc/init.d/inetinit to effect the workaround at each reboot. Sun has tested the workaround, and has found no negative side effects. Questions or comments regarding this issue can be sent to security-alert () sun com. General support questions should be directed to your local SunService, SunSoft Support Services or reseller support offices. Regards, Sun Security Coordination Team -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBM7gu3LdzzzOFBFjJAQHpdwQAngbp8mRsJBE3Bhu80bFup6I8tosrziqg l8fiif7y1U1xqtgDQuv731PnjgkbNAlVy8ZMhIcDo8pZiuAG8rzBBZsIako4psIW XA7L46OEqGgu2Gw/MyDKzuTd2hIiJfAuzTEQcmWaAUeOYRoB1OreYC7uu5lfK0ar YIZtmRXrNjI= =YxUW -----END PGP SIGNATURE-----
Current thread:
- Solaris ping exploit Sun Security Coordination Team (Jun 30)