Vulnerability Development mailing list archives
Re: Local root through vulnerability in ping on linux.
From: Jackson Bloomston <jbloomston () news-press com>
Date: Mon, 21 Aug 2000 11:23:09 -0400
I only get this error as root on a Redhat 6.2 box... see below: Red Hat Linux release 6.2 (Zoot) Kernel 2.2.14-5.0 on an i686 login: jaxn Password: Last login: Mon Aug 21 08:56:53 on tty1 [jaxn@development jaxn]$ ping -c 1 -s 65690 localhost Error: packer size 65690 is too large. Maximum is 65507 [jaxn@development jaxn]$ su - Password: [root@development /root]# ping -c 1 -s 65690 localhost WARNING: packet size 65690 is too large. Maximum is 65507 Segmentation fault (core dumped) [root@development /root]# Thanks, Jackson Bloomston Information Systems The News-Press 941.335.0502 voice 941.335.0588 fax -----Original Message----- From: Peter Batenburg [SMTP:petertje () DEEJAYS NL] Sent: Monday, August 21, 2000 5:58 AM To: VULN-DEV () SECURITYFOCUS COM Subject: Re: Local root through vulnerability in ping on linux. bash# ping -c 1 -s 65690 localhost WARNING: packet size 65690 is too large. Maximum is 65507 Segmentation fault bash# uname -a Linux pc1 2.2.14-5.0 #1 Tue Mar 7 20:53:41 EST 2000 i586 unknown bash# cat /etc/redhat-release Red Hat Linux release 6.2 (Zoot) bash# [root@s2 /root]# ping -c 1 -s 65690 localhost WARNING: packet size 65690 is too large. Maximum is 65507 Segmentation fault [root@s2 /root]# uname -a Linux s2 2.2.14 #3 Thu Jan 27 16:06:53 MET 2000 i686 unknown [root@s2 /root]# cat /etc/redhat-release Red Hat Linux release 6.2 (Zoot) [root@s2 /root]# At 21:45 20-8-00 +0200, you wrote:
Hello, The original post author just sent me the command line he says to get the seg fault: ping -c 1 -s 65690 localhost I have tested on slackware 7 both with root and non root and none get seg fault. On RedHat 6.1 as normal user no seg fault occurs... With root you get seg fault after warning about packet size too big. Looks like his ping command was trojaned or something ;) Best Regards, Pedro Hugo Samu wrote:On Sat, Aug 19, 2000 at 08:39:35PM +0200, Ralf-Philipp Weinmann wrote:On Sat, 19 Aug 2000, Gerrie wrote:Again some blackhats have a zeroday exploits in their hands. It's exploits a bug in the linux kernel by using ping, does someonehavemore info?i tried your ping on a debian woody i386 and it doesn't work again: there are two packages with ping for debian one in iputils-ping ( which has ping for ipv6 ) one in netkit-ping the ping in iputils-ping packages is more like "redhattish" ( broadcast ? then ping -b .... ARGHHH ) and it gives to user the capability to set ICMP packet size with -s . with the other packages ( a normal ping ) you can't if you aren't root to set your icmp packet size even it's suid root . ( and that to answer to ping flooding as user thread ) . none of the two "ping " give me DOS or kernel bug ( i tried on 2.2.16 and 2.4.0-test4 ) . i can suggest you to rm you old ping and use this one from debian cee ya samuele -- Samuele Tonon <samu () mclink it> Undergraduate Student of Computer Science at University of Bologna,ItalySystem administrator at Computer Science Lab's, University of Bologna,ItalyFounder & Member of A.A.H.T. UIN 3155609 Acid -- better living through chemistry. Timothy Leary-- -------------------------------------------- Pedro Hugo Director of Unix Server Administration HighSpeedWeb Support Team fractalg () highspeedweb net ICQ # 38178251 http://www.highspeedweb.net Genesis II Networks LLC --------------------------------------------
Groetjes Petertje
Current thread:
- Re: Local root through vulnerability in ping on linux., (continued)
- Re: Local root through vulnerability in ping on linux. Ronald Huizer (Aug 22)
- Re: Local root through vulnerability in ping on linux. geoff (Aug 22)
- Re: Local root through vulnerability in ping on linux. Bluefish (P.Magnusson) (Aug 22)
- Re: Local root through vulnerability in ping on linux. Michal Zalewski (Aug 22)
- Re: Local root through vulnerability in ping on linux. Matt Wilson (Aug 23)
- Re: Local root through vulnerability in ping on linux. Matthew Wilson (Aug 21)
- Re: Local root through vulnerability in ping on linux. mmurray (Aug 21)
- Re: Local root through vulnerability in ping on linux. Bluefish (P.Magnusson) (Aug 22)
- Re: Local root through vulnerability in ping on linux. Daniel Roesen (Aug 22)