Bugtraq mailing list archives
Re: Solaris Ping bug (DoS)
From: pckizer () nostrum com (Philip Kizer)
Date: Thu, 26 Jun 1997 12:24:57 -0500
Adam Caldwell <adam () ATL ENI NET> wrote:
I briefly searched the bugtraq archives and didn't see this one, so here's a way to reboot a Solaris box, and is exploitable by anyone with an account on the system since ping is setuid root.
For those with access, Sun seems to have Bug Id: 1226919 open on the issue.
ping -sv -i 127.0.0.1 224.0.0.1

On solaris 2.5, causes the machine to reboot (personal experience). I've had independent reports of it crashing 2.5.1, and 2.5 (x86). It probably works on all versions of Solaris. To "fix" the denial of service:

chmod go-x /usr/sbin/ping

if you don't mind disabling Ping on your system.
In my quick testing, it seems that there is another workaround if:

1: You do not require multicast support, and
2: Have the opportunity to reboot your machine.

Just comment out the "route add 224.0.0.0 ..." in /etc/init.d/inetsvc and reboot. Even just doing the 'route delete 224.0.0.0 ...' still allowed the panic.

_________________________________________________________
Philip Kizer ______ pckizer () nostrum com
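Added example, not part of the original posts: a POSIX shell audit that reports whether either workaround discussed in this thread is in place on a host. The function names are hypothetical, and the route check matches only the `route add 224.0.0.0` prefix quoted in the message, since the rest of that line is not given.

```shell
#!/bin/sh
# Added audit example (not from the original posts); function names are hypothetical.

# True (0) if FILE is setuid and still executable by group or other,
# i.e. "chmod go-x" has not been applied to it.
ping_exposed() {
    [ -f "$1" ] || return 1
    [ -n "$(find "$1" -perm -4000 \( -perm -0010 -o -perm -0001 \) 2>/dev/null)" ]
}

# True (0) if FILE contains an uncommented "route add 224.0.0.0" line.
# Text after '#' is dropped first, so a commented-out line does not match.
mcast_route_active() {
    [ -f "$1" ] || return 1
    sed 's/#.*//' "$1" | grep -Eq 'route[[:space:]]+add[[:space:]]+224\.0\.0\.0'
}

# Report both checks. The init script is only read at boot, so a
# commented-out route line takes effect after the next reboot; the post
# notes that deleting the route on a running system was not enough.
audit() {
    ping_bin=${1:-/usr/sbin/ping}
    inetsvc=${2:-/etc/init.d/inetsvc}
    if ping_exposed "$ping_bin"; then
        echo "EXPOSED: $ping_bin is setuid and executable by group/other"
    else
        echo "ok: $ping_bin is not a setuid binary runnable by group/other"
    fi
    if mcast_route_active "$inetsvc"; then
        echo "ACTIVE: $inetsvc still adds the 224.0.0.0 route at boot"
    else
        echo "ok: no uncommented 224.0.0.0 route add in $inetsvc"
    fi
}

# Defaults are the paths named in the thread; pass two paths to override.
audit "$@"
```

The two checks are independent because the thread presents them as alternative workarounds; either "ok" line corresponds to one of them being applied.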