Vulnerability Development mailing list archives
Re: Local root through vulnerability in ping on linux.
From: Daniel Jacobowitz <dmj+ () ANDREW CMU EDU>
Date: Mon, 21 Aug 2000 12:24:41 -0700
On Mon, Aug 21, 2000 at 10:26:34AM +0200, Michal Zalewski wrote:
> On Sun, 20 Aug 2000, Goense, Jacob wrote:
>
> > [root@localhost /root]# ping -c 1 -s 65690 localhost
> > WARNING: packet size 65690 is too large. Maximum is 65507
> > Segmentation fault (core dumped)
>
> Oh yes, will work if you're trying to gain root having root privileges
> already ;) What about 'traceroute -g 127.0.0.1 127.0.0.1' and other
> combinations (depending on DNS entry and IP number representation, you
> can cause many interesting memory dumps or some SEGVs on RH 6.2 Linux box
> and many other boxes as well)?

This came up on security-audit about a month ago. It's a multiple-free() issue. To the best of my knowledge, and I spent about a solid week trying, there's no way to exploit it, at least not on Intel or PowerPC. I can't get quite enough user data in there.

Check the security-audit archive (is there one, actually?) for more about this.

Dan

/--------------------------------\  /--------------------------------\
|       Daniel Jacobowitz        |__|        SCS Class of 2002       |
|   Debian GNU/Linux Developer    __    Carnegie Mellon University   |
|         dan () debian org      |  |       dmj+ () andrew cmu edu   |
\--------------------------------/  \--------------------------------/