Vulnerability Development mailing list archives
Re: ping -i (TTL) Vulnerability
From: erasor <erasor () ERASORS NET>
Date: Wed, 21 Feb 2001 17:08:50 -0800
Microsoft Windows 2000 [Version 5.00.2195] (C) Copyright 1985-1999 Microsoft Corp. C:\>ping -t 127.0.0.1 -i 0 Bad value for option -i, valid range is from 1 to 255. C:\> ------------------------- Microsoft Windows 98 (C) Copyright Microsoft Corp 1981-1998. C:\>ping -t 127.0.0.1 -i 0 Bad value for option -i, valid range is from 1 to 255. C:\> Both dropped to a prompt with no incident. No NT4 installed so I couldn't check that. : A funny (local and possibly remote too) bug in command.com. What makes you think its a bug in command.com if ping.exe is not checking its parameters ? : for a response from you, or it may have stopped executing". This indicates : that its still busy on the background, I could not discover with what. I would say command.com was busy handling ping.exe Of course, this is all guess-work since I can't recreate the error :c) ----- Original Message ----- From: "-No Strezzz Cazzz" <Butterphly6 () CAZZZ DEMON NL> To: <VULN-DEV () SECURITYFOCUS COM> Sent: Tuesday, February 20, 2001 8:25 PM Subject: ping -i (TTL) Vulnerability : A funny (local and possibly remote too) bug in command.com. : : If you set the -i option (TTL) to 0, in a ping, a funny bug gets triggered : that'll wh00p your CPU Usage to 100%. That is if you also set the -t option : (Ping the specified host until interrupted). Your command.com shell will get : flooded with "Bad option specified" messages. In example: a normal ping -t : would put your CPU usage to about 3%. When you're done (Ctrl-c) and you want : to close your command.com you'll get the following message: "This Windows : application cannot respond to the End Task request. It may be busy, waiting : for a response from you, or it may have stopped executing". This indicates : that its still busy on the background, I could not discover with what. : : Try it: C:\>ping -t 127.0.0.1 -i 0 : That should do the trick. : : This is tested from NT4 Workstation, Service Pack 4. : : No doubt this bug should also be able to be triggered from a remote location : and cause panic on your network/servers. We're also pretty sure that this : bug should be able to cause way more hav0c. As matter of fact we're : performing tests as we speak. Care to help us out? Mail us your suggestions : at: : : Special_Projects () cazzz demon nl (The Lab) : : Industrial_Strength () cazzz demon nl (The Exploiters) : : Another fine Planet Cazzz Production/Advisory, in assosiation with The : Nations Top. We cannot be held responsible for your actions, but you can : try. PCP/A #0002 (pr0ph). : : We want to say hell0 to all the Crackers, the Hackers and the Phreax. We : want to say hell to all the people in this place. We want to say hell0 to : all the Sinners and 31337. We say hell0 to all the people in the world... : : : : -No Strezzz Cazzz, Powered By UN0X =] : : If TCP/IP is the Pavement, HTTP is Cazzzoline... :
Current thread:
- ping -i (TTL) Vulnerability -No Strezzz Cazzz (Feb 21)
- Re: ping -i (TTL) Vulnerability Damian Menscher (Feb 21)
- Re: ping -i (TTL) Vulnerability Jason Witty (Feb 21)
- Re: ping -i (TTL) Vulnerability Weiss, Bill (Feb 21)
- Re: ping -i (TTL) Vulnerability erasor (Feb 21)
- Re: ping -i (TTL) Vulnerability Knud Erik Højgaard - CyberCity Support (Feb 22)
- <Possible follow-ups>
- Re: ping -i (TTL) Vulnerability Jeff Oliver (Feb 21)
- Re: ping -i (TTL) Vulnerability Niels Vaes (Feb 21)
- Re: ping -i (TTL) Vulnerability Mark Villanova (Feb 21)
- Re: ping -i (TTL) Vulnerability Leo R. Lundgren (Feb 21)
- Re: ping -i (TTL) Vulnerability Reverend Lola (Feb 21)
- Re: ping -i (TTL) Vulnerability rpc (Feb 22)
- Re: ping -i (TTL) Vulnerability Reddog Hummer (Feb 22)
- Re: ping -i (TTL) Vulnerability -No Strezzz Cazzz (Feb 22)
(Thread continues...)