Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Solaris Ping bug (DoS)

From: pckizer () nostrum com (Philip Kizer)
Date: Thu, 26 Jun 1997 12:24:57 -0500

Adam Caldwell <adam () ATL ENI NET> wrote:

I briefly searched the bugtraq archives and didn't see this one, so here's a
way to reboot a Solaris box, and is exploitable by anyone with an account on
the system since ping is setuid root.


For those with access, Sun seems to have Bug Id: 1226919 open on the issue.



ping -sv -i 127.0.0.1 224.0.0.1

On solaris 2.5, causes the machine to reboot (personal experience).  I've
had independent reports of it crashing 2.5.1, and 2.5 (x86).  It probably works
on all versions of Solaris.

To "fix" the denial of service:
chmod go-x /usr/sbin/ping
if you don't mind disabling Ping on your system.


In my quick testing, it seems that there is another workaround if:

  1: You do not require multicast support, and
  2: Have the opportunity to reboot your machine.

Just comment out the "route add 224.0.0.0 ..." in /etc/init.d/inetsvc and
reboot.  Even just doing the 'route delete 224.0.0.0 ...' still allowed the
panic.


_________________________________________________________ Philip Kizer ______
                                                          pckizer () nostrum com
Previous By Date Next
Previous By Thread Next

Current thread: