Bugtraq mailing list archives

Re: Solaris Ping bug (DoS)


From: alanc () GODZILLA EECS BERKELEY EDU (Alan Coopersmith)
Date: Thu, 3 Jul 1997 10:15:03 -0700


On Thu, 26 Jun 1997 00:08:29 -0400, Adam Caldwell <adam () ATL ENI NET> wrote:

> I briefly searched the bugtraq archives and didn't see this one, so here's a
> way to reboot a Solaris box, and is exploitable by anyone with an account on
> the system since ping is setuid root.
>
> ping -sv -i 127.0.0.1 224.0.0.1

Patches claiming to fix this were posted on ftp://sunsolve1.sun.com/pub/patches
today:
        103630-09:      SunOS 5.5.1: ip ifconfig arp udp icmp patch
        103631-09:      SunOS 5.5.1_x86: ip ifconfig arp udp icmp patch
        103169-12:      SunOS 5.5: arp,ip,udp,icmp driver and ifconfig fixes
        103170-12:      SunOS 5.5_x86: arp,ip,udp,icmp driver, ifconfig fixes

I don't see patches for earlier releases yet, but since the affected files
on those OS'es have already been put into the kernel jumbo patch, presumably
the fixes will appear in future versions of their kernel jumbo patches (which
take a lot longer to release due to the extra testing required for making such
major changes to the OS).



________________________________________________________________________
Alan Coopersmith                        alanc () godzilla EECS Berkeley EDU
Univ. of California at Berkeley         http://soar.Berkeley.EDU/~alanc/
aka:   alanc@{CSUA,OCF,CS,BMRC,ucsee.eecs,cory.eecs,server}.Berkeley.EDU
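
Added example (not part of the original post or of Sun's tooling): a POSIX shell check that compares a saved `showrev -p` listing against the patch revisions named in the message above. It assumes listing lines of the form `Patch: <id>-<rev> Obsoletes: ... Packages: ...` and `uname -p` values of `sparc` or `i386`; the function names and status words are hypothetical.

```shell
#!/bin/sh
# Minimum patch revision named in the post for each release/processor pair.
required_patch() {   # $1 = `uname -r` value, $2 = `uname -p` value
    case "$1/$2" in
        5.5.1/sparc) echo 103630-09 ;;
        5.5.1/i386)  echo 103631-09 ;;
        5.5/sparc)   echo 103169-12 ;;
        5.5/i386)    echo 103170-12 ;;
        *)           return 1 ;;   # earlier releases: no patch listed in the post
    esac
}

# patch_status <release> <processor>, with the `showrev -p` listing on stdin.
# Prints INSTALLED, OUTDATED, MISSING or UNKNOWN plus the revisions involved.
patch_status() {
    need=`required_patch "$1" "$2"` || { echo "UNKNOWN $1/$2"; return 0; }
    awk -v need="$need" '
        BEGIN { split(need, n, "-"); best = -1 }
        # Keep the highest installed revision that shares the required base id.
        $1 == "Patch:" {
            split($2, p, "-")
            if (p[1] == n[1] && p[2] + 0 > best) best = p[2] + 0
        }
        END {
            have = n[1] "-" sprintf("%02d", best)
            if (best < 0)             print "MISSING " need
            else if (best < n[2] + 0) print "OUTDATED " have " < " need
            else                      print "INSTALLED " have
        }'
}

# Constructed sample listing: one revision behind, plus an unrelated placeholder id.
SAMPLE='Patch: 103630-08 Obsoletes:  Packages: SUNWcsr, SUNWcsu
Patch: 999999-01 Obsoletes:  Packages: SUNWcsu'

printf '%s\n' "$SAMPLE" | patch_status 5.5.1 sparc
```

INSTALLED only means the listed revision or a later one is present; a release that returns UNKNOWN is one of the earlier versions for which the post lists no patch.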


