Bugtraq mailing list archives

Re: Solaris Ping bug (DoS)

From: Jes.Sorensen () CERN CH (Jes Sorensen)
Date: Thu, 26 Jun 1997 13:37:17 +0200

"Adam" == Adam Caldwell <adam () ATL ENI NET> writes:


Adam> I briefly searched the bugtraq archives and didn't see this one,
Adam> so here's a way to reboot a Solaris box, and is exploitable by
Adam> anyone with an account on the system since ping is setuid root.

Adam> ping -sv -i 127.0.0.1 224.0.0.1

Adam> On solaris 2.5, causes the machine to reboot (personal
Adam> experience).  I've had independent reports of it crashing 2.5.1,
Adam> and 2.5 (x86).  It probably works on all versions of Solaris.

For what its worth, this bug is also present in 2.6-beta2, haven't
tested the release version of 2.6 yet.

Jes

Current thread:

Re: Solaris Ping bug (DoS) Jes Sorensen (Jun 26)
- Re: Solaris Ping bug (DoS) Kevin M Lynn (Jun 26)
- <Possible follow-ups>
- Re: Solaris Ping bug (DoS) Will Kempf (Jun 27)
  - Re: Solaris Ping bug (DoS) Philip Kizer (Jun 27)
  - smbmount buffer overflow Gerald Britton (Jun 27)
    - Solaris Ping DOS - Best solution? Anton T. Rager (Jun 27)
    - Re: smbmount buffer overflow Volker.Lendecke (Jun 28)
    - BIND/iX updated to 8.1.1-REL production release Aleph One (Jun 28)
    - ping exploit fATE 1997 BABY (Jun 28)
    - sping binary fATE 1997 BABY (Jun 28)
    - [ALERT] Another nuke. Aleph One (Jun 29)

(Thread continues...)