Vulnerability Development mailing list archives

Re: ping -i (TTL) Vulnerability


From: erasor <erasor () ERASORS NET>
Date: Wed, 21 Feb 2001 17:08:50 -0800

Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-1999 Microsoft Corp.
C:\>ping -t 127.0.0.1 -i 0
Bad value for option -i, valid range is from 1 to 255.
C:\>

-------------------------

Microsoft Windows 98
     (C) Copyright Microsoft Corp 1981-1998.
C:\>ping -t 127.0.0.1 -i 0
Bad value for option -i, valid range is from 1 to 255.
C:\>

Both dropped to a prompt with no incident.

No NT4 installed so I couldn't check that.

: A funny (local and possibly remote too) bug in command.com.

What makes you think it's a bug in command.com
if ping.exe is not checking its parameters?

: for a response from you, or it may have stopped executing". This indicates
: that it's still busy on the background, I could not discover with what.

I would say command.com was busy handling ping.exe

Of course, this is all guess-work since I can't recreate the error :c)


----- Original Message -----
From: "-No Strezzz Cazzz" <Butterphly6 () CAZZZ DEMON NL>
To: <VULN-DEV () SECURITYFOCUS COM>
Sent: Tuesday, February 20, 2001 8:25 PM
Subject: ping -i (TTL) Vulnerability


: A funny (local and possibly remote too) bug in command.com.
:
: If you set the -i option (TTL) to 0, in a ping, a funny bug gets triggered
: that'll wh00p your CPU Usage to 100%. That is if you also set the -t option
: (Ping the specified host until interrupted). Your command.com shell will get
: flooded with "Bad option specified" messages. In example: a normal ping -t
: would put your CPU usage to about 3%. When you're done (Ctrl-c) and you want
: to close your command.com you'll get the following message: "This Windows
: application cannot respond to the End Task request. It may be busy, waiting
: for a response from you, or it may have stopped executing". This indicates
: that it's still busy on the background, I could not discover with what.
:
: Try it:  C:\>ping -t 127.0.0.1 -i 0
: That should do the trick.
:
: This is tested from NT4 Workstation, Service Pack 4.
:
: No doubt this bug should also be able to be triggered from a remote location
: and cause panic on your network/servers. We're also pretty sure that this
: bug should be able to cause way more hav0c. As a matter of fact we're
: performing tests as we speak. Care to help us out? Mail us your suggestions
: at:
:
: Special_Projects () cazzz demon nl  (The Lab)
:
: Industrial_Strength () cazzz demon nl  (The Exploiters)
:
: Another fine Planet Cazzz Production/Advisory, in association with The
: Nations Top. We cannot be held responsible for your actions, but you can
: try. PCP/A #0002 (pr0ph).
:
: We want to say hell0 to all the Crackers, the Hackers and the Phreax. We
: want to say hell to all the people in this place. We want to say hell0 to
: all the Sinners and 31337. We say hell0 to all the people in the world...
:
:
:
: -No Strezzz Cazzz, Powered By UN0X =]
:
: If TCP/IP is the Pavement, HTTP is Cazzzoline...
:

