Bugtraq mailing list archives

Re: Very interesting traceroute flaw


From: Sylvain Robitaille <syl () ALCOR CONCORDIA CA>
Date: Fri, 29 Sep 2000 11:50:15 -0400

Chris Evans wrote:

> This flaw in traceroute (if your version is vulnerable) is tickled
> like this:
>
> traceroute -g 1 -g 1       (I think it didn't need a hostname)
> Segmentation fault

For the record, I tested this on Slackware Linux (4.0, and 3.x), as well
as Digital (Compaq) Unix versions 4.0d, 4.0e, and 4.0g, and Solaris-2.7,
and found that none of those systems have a vulnerable version of
traceroute.

On the Linux systems, traceroute doesn't accept the '-g' option; Solaris
traceroute complains without a hostname, and runs with one (no
segmentation fault, though the output appears unreliable); all tested
versions of Digital Unix dutifully try to traceroute to 0.0.0.1.

--
----------------------------------------------------------------------
Sylvain Robitaille                              syl () alcor concordia ca

Systems analyst                                   Concordia University
Instructional & Information Technology        Montreal, Quebec, Canada
----------------------------------------------------------------------

