Vulnerability Development mailing list archives

Re: Local root through vulnerability in ping on linux.


From: Michal Zalewski <lcamtuf () DIONE IDS PL>
Date: Mon, 21 Aug 2000 10:26:34 +0200

On Sun, 20 Aug 2000, Goense, Jacob wrote:

[root@localhost /root]# ping -c 1 -s 65690 localhost
WARNING: packet size 65690 is too large. Maximum is 65507
Segmentation fault (core dumped)

Oh yes, will work if you're trying to gain root having root privileges
already ;)

What about 'traceroute -g 127.0.0.1 127.0.0.1' and other combinations
(depending on DNS entry and IP number representation, you can cause many
interesting memory dumps or some SEGVs on RH 6.2 Linux box and many other
boxes as well)?

_______________________________________________________
Michal Zalewski [lcamtuf () tpi pl] [tp.internet/security]
[http://lcamtuf.na.export.pl] <=--=> bash$ :(){ :|:&};:
=-----=> God is real, unless declared integer. <=-----=

