Bugtraq mailing list archives
Re: Very interesting traceroute flaw
From: Casper Dik <Casper.Dik () HOLLAND SUN COM>
Date: Fri, 29 Sep 2000 12:47:43 +0200
I'm starting with a credit section because I did not discover this flaw. The flaw was discovered by Pekka Savola <pekkas () netcore fi>, who noted that traceroute could be caused to crash, which is pretty suboptimal behaviour for a suid-root program :-) I took this forward and speculate that in fact this very minor code flaw may well be exploitable.
Even though Solaris 7 and later include LBNL traceroute, the first version of the source checked into SCCS has the following interesting comment (this branch dates from 98/01/12):

/*
 * LBNL bug fixed: used to call savestr(), which was buggy
 * it gives bus error when more than one -g used
 * savestr.h removed
 */

The code was completely removed when IPv6 support was integrated much later.

Casper