Vulnerability Development mailing list archives
Re: Local root through vulnerability in ping on linux.
From: geoff <geoff () cardboardtransmitter net>
Date: Tue, 22 Aug 2000 21:44:25 -0400
On Mon, 21 Aug 2000 18:06:28 +0200, you wrote:
El lunes 21 de agosto de 2000 a la(s) 10:26:34 +0200, Michal Zalewski contaba:What about 'traceroute -g 127.0.0.1 127.0.0.1' and other combinations (depending on DNS entry and IP number representation, you can cause many interesting memory dumps or some SEGVs on RH 6.2 Linux box and many other boxes as well)?Yes, certainly. This is a Debian 2.2: $ /usr/sbin/traceroute -g 127.0.0.1 127.0.0.1 traceroute to (127.0.0.1), 30 hops max, 46 byte packets traceroute: sendto: Argumento inválido 1 traceroute: wrote WUJ¡9å 46 _ =1 After this, the chars in screen got scrambled as if you type ^V^N^M at the shell prompt. traceroute version 1.4a5-2 installed.lcamtuf () tpi pl
[geoff@schubert geoff]$ uname -a Linux schubert.nodecaf.com 2.2.14-15mdk #1 Tue Jan 4 22:24:20 CET 2000 i686 unknown [geoff@schubert geoff]$ /usr/sbin/traceroute -g 127.0.0.1 255.255.255.255 Segmentation fault [geoff@schubert geoff]$ /usr/sbin/traceroute -g 127.0.0.1 127.0.0.1 traceroute to (127.0.0.1), 30 hops max, 46 byte packets traceroute: sendto: Invalid argument 1 traceroute: wrote %H ,£9×2 46 chars, ret=-1 *traceroute: sendto: Invalid argument traceroute: wrote gE ,£9?4 46 chars, ret=-1 [geoff@schubert geoff]$ ---- [geoff@devweb geoff]$ uname -a Linux devweb.nodecaf.com 2.2.14-5.0 #1 Tue Mar 7 21:07:39 EST 2000 i686 unknown [geoff@devweb geoff]$ /usr/sbin/traceroute -g 127.0.0.1 255.255.255.255 Segmentation fault [geoff@devweb geoff]$ /usr/sbin/traceroute -g 127.0.0.1 127.0.0.1 traceroute to (127.0.0.1), 30 hops max, 46 byte packets traceroute: sendto: Invalid argument 1 traceroute: wrote R Ò+£9Ú 46 chars, ret=-1 [geoff@devweb geoff]$ ----- [geoff@snuggles geoff]$ uname -a FreeBSD snuggles.nodecaf.com 4.0-20000307-CURRENT FreeBSD 4.0-20000307-CURRENT #0: Wed Mar 8 00:14:33 GMT 2000 root () monster cdrom com:/usr/src/sys/compile/GENERIC i386 [geoff@snuggles geoff]$ /usr/sbin/traceroute -g 127.0.0.1 127.0.0.1 traceroute to 127.0.0.1 (127.0.0.1), 30 hops max, 48 byte packets 1 * * * 2 * * * ^C [geoff@snuggles geoff]$ /usr/sbin/traceroute -g 127.0.0.1 255.255.255.255 traceroute to 255.255.255.255 (255.255.255.255), 30 hops max, 48 byte packets 1 * * * 2 * * * ^C [geoff@snuggles geoff]$ ----- -- geoff A UI is about making the computer's power easy to exploit, not about making new users feel comfortable. -- http://slashdot.org/comments.pl?sid=00/08/18/1711210&cid=83
Current thread:
- Re: Local root through vulnerability in ping on linux., (continued)
- Re: Local root through vulnerability in ping on linux. Misa (Aug 21)
- Re: Local root through vulnerability in ping on linux. Goense, Jacob (Aug 20)
- Re: Local root through vulnerability in ping on linux. Joe User (Aug 21)
- Re: Local root through vulnerability in ping on linux. Rodrigo Barbosa (aka morcego) (Aug 21)
- Re: Local root through vulnerability in ping on linux. Murvai-Buzogany Laszlo (Aug 21)
- Re: Local root through vulnerability in ping on linux. Michal Zalewski (Aug 21)
- Re: Local root through vulnerability in ping on linux. Daniel Jacobowitz (Aug 21)
- Re: Local root through vulnerability in ping on linux. Bluefish (P.Magnusson) (Aug 22)
- Re: Local root through vulnerability in ping on linux. Hue-Bond (Aug 21)
- Re: Local root through vulnerability in ping on linux. Ronald Huizer (Aug 22)
- Re: Local root through vulnerability in ping on linux. geoff (Aug 22)
- Re: Local root through vulnerability in ping on linux. Joe User (Aug 21)
- Re: Local root through vulnerability in ping on linux. Bluefish (P.Magnusson) (Aug 22)
- Re: Local root through vulnerability in ping on linux. Michal Zalewski (Aug 22)
- Re: Local root through vulnerability in ping on linux. Matt Wilson (Aug 23)
- Re: Local root through vulnerability in ping on linux. mmurray (Aug 21)
- Re: Local root through vulnerability in ping on linux. Bluefish (P.Magnusson) (Aug 22)
- Re: Local root through vulnerability in ping on linux. Daniel Roesen (Aug 22)