Vulnerability Development mailing list archives

Re: Local root through vulnerability in ping on linux.


From: "Bluefish (P.Magnusson)" <11a () GMX NET>
Date: Tue, 22 Aug 2000 15:47:28 +0200

Doesn't seem exploitable, but a bit funny :)

To keep it short: no coredump so far, neither as root nor as user, no matter
the packet size, while doing /usr/sbin/traceroute -g 127.0.0.1 127.0.0.1

..:::::::::::::::::::::::::::::::::::::::::::::::::..
     http://www.11a.nu || http://bluefish.11a.nu  
    eleventh alliance development & security team       


[bluefish@blue bluefish]$ /usr/sbin/traceroute -g 127.0.0.1 127.0.0.1
traceroute to  (127.0.0.1), 30 hops max, 48 byte packets
traceroute: sendto: Invalid argument
 1 traceroute: wrote ÷u 48 chars, ret=-1

 *traceroute: sendto: Invalid argument
traceroute: wrote Þv 48 chars, ret=-1
 *traceroute: sendto: Invalid argument
traceroute: wrote Øu 48 chars, ret=-1
 *
traceroute: sendto: Invalid argument
 2 traceroute: wrote Vs 48 chars, ret=-1

[bluefish@blue bluefish]$ /usr/sbin/traceroute -g 127.0.0.1 127.0.0.1 65507
traceroute to  (127.0.0.1), 30 hops max, 65507 byte packets
traceroute: sendto: Invalid argument
 1 traceroute: wrote â 65507 chars, ret=-1

[bluefish@blue bluefish]$ /usr/sbin/traceroute -g 127.0.0.1 127.0.0.1 65508
traceroute to  (127.0.0.1), 30 hops max, 65508 byte packets
traceroute: sendto: Invalid argument
 1 traceroute: wrote µ 65508 chars, ret=-1

[bluefish@blue bluefish]$ /usr/sbin/traceroute -g 127.0.0.1 127.0.0.1 65690
traceroute to  (127.0.0.1), 30 hops max, 65690 byte packets
traceroute: sendto: Message too long
 1 traceroute: wrote ¨ 65690 chars, ret=-1
^[[?6c
 *traceroute: sendto: Message too long
traceroute: wrote ­ 65690 chars, ret=-1
 *traceroute: sendto: Message too long
traceroute: wrote ú« 65690 chars, ret=-1
 *
traceroute: sendto: Message too long
 2 traceroute: wrote r© 65690 chars, ret=-1


Similarly, with root:

[root@blue bluefish]# /usr/sbin/traceroute -g 127.0.0.1 127.0.0.1 65507
traceroute to  (127.0.0.1), 30 hops max, 65507 byte packets
traceroute: sendto: Invalid argument
 1 traceroute: wrote ]t 65507 chars, ret=-1


[root@blue bluefish]# /usr/sbin/traceroute -g 127.0.0.1 127.0.0.1 65508
traceroute to  (127.0.0.1), 30 hops max, 65508 byte packets
traceroute: sendto: Invalid argument
 1 traceroute: wrote &` 65508 chars, ret=-1
 *traceroute: sendto: Invalid argument
traceroute: wrote ól 65508 chars, ret=-1

[root@blue bluefish]# /usr/sbin/traceroute -g 127.0.0.1 127.0.0.1 65690
traceroute to  (127.0.0.1), 30 hops max, 65690 byte packets
traceroute: sendto: Message too long
 1 traceroute: wrote oº 65690 chars, ret=-1
 *traceroute: sendto: Message too long
traceroute: wrote ÉÅ 65690 chars, ret=-1
 *traceroute: sendto: Message too long
traceroute: wrote âÄ 65690 chars, ret=-1

