Vulnerability Development mailing list archives

Re: Local root through vulnerability in ping on linux.


From: mmurray () TAOS COM
Date: Mon, 21 Aug 2000 04:39:46 -0700

Hey all...

        I discovered this issue a while ago; IIRC, the ping program in RHL
segfaults at a certain number of bytes (256 over maximum ping length?).
However, this is NOT EXPLOITABLE, as far as I could tell; ping is not suid, and
this segfault requires root privileges to attain (due to the necessity of a
raw socket).

        This is not standard Linux; this is in the Red Hat version of ping only.
 That's why Debian, Slackware, etc. aren't affected...

                                Mike

___________________________________________________________
Mike Murray                             mmurray () taos com
System and Network Administrator
Taos -- The Sys Admin Company
San Francisco, CA

Phone:415-469-0297
Pager: 415-253-2786
___________________________________________________________

