Vulnerability Development mailing list archives
Re: ping -i (TTL) Vulnerability
From: Reverend Lola <reverend_lola () YAHOO COM>
Date: Wed, 21 Feb 2001 15:34:49 -0800
-----Original Message-----
From: Damian Menscher [mailto:menscher () UIUC EDU]
Sent: Wednesday, February 21, 2001 12:20 PM
To: VULN-DEV () SECURITYFOCUS COM
Subject: Re: ping -i (TTL) Vulnerability

%<-----SNIP----->%
No doubt that this would do absolutely nothing from a
remote location.
%<-----SNIP----->%

Actually, it does. I used the Unicode bug to send the command to a remote server (NT 4, SP6a, IIS4):

http://xx.xx.xx.xx/scripts/..%c0%af..%c0%af..%c0%af../winnt/system32/cmd.exe?/c+ping+-t+127.0.0.1+-i+0

CPU usage on the target server went to 100%, and stayed there. Task Manager showed ping.exe was using a HUGE amount of system resources (this increased memory usage by a bit as well). I tried to stop ping.exe, and could not. Since ping.exe was started by IIS, I then tried to stop the web server, but it was not responding either. The only way to stop it was to reboot.

I'm sure the script kiddies will have fun with this one. :)
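
Added example, not part of the original post: a log check that flags requests like the one above by decoding overlong UTF-8 (`%c0%af` is an overlong form of `/`) before testing for `..` traversal and `cmd.exe`. The log lines are constructed, the field order is an assumed W3C-style layout, and the function names are hypothetical.

```python
import re
from urllib.parse import unquote_to_bytes

# Constructed sample log. Assumed field order (W3C-style):
# date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
SAMPLE_LOG = [
    "2001-02-21 20:15:03 192.0.2.10 GET /default.asp - 200",
    "2001-02-21 20:15:09 192.0.2.77 GET "
    "/scripts/..%c0%af..%c0%af..%c0%af../winnt/system32/cmd.exe "
    "/c+ping+-t+127.0.0.1+-i+0 200",
    "2001-02-21 20:15:11 192.0.2.10 GET /images/logo.gif - 200",
]

def lenient_decode(raw):
    """Decode bytes the way a decoder that accepts overlong UTF-8 would.
    Returns (text, saw_overlong)."""
    out, overlong, i = [], False, 0
    while i < len(raw):
        b = raw[i]
        # Lead bytes 0xC0/0xC1 can only begin an overlong 2-byte form of ASCII.
        if b in (0xC0, 0xC1) and i + 1 < len(raw) and (raw[i + 1] & 0xC0) == 0x80:
            out.append(chr(((b & 0x1F) << 6) | (raw[i + 1] & 0x3F)))
            overlong, i = True, i + 2
        else:
            out.append(chr(b))
            i += 1
    return "".join(out), overlong

def inspect_stem(stem):
    """Return findings for one URI stem as logged (still percent-encoded)."""
    decoded, overlong = lenient_decode(unquote_to_bytes(stem))
    findings = ["overlong-utf8"] if overlong else []
    if ".." in re.split(r"[/\\]", decoded):
        findings.append("traversal")
    if re.search(r"(^|[/\\])cmd\.exe$", decoded, re.I):
        findings.append("cmd.exe")
    return findings

def scan(lines):
    """Return (client_ip, stem, findings) for every suspicious request."""
    hits = []
    for line in lines:
        fields = line.split()
        if line.startswith("#") or len(fields) < 7:
            continue
        findings = inspect_stem(fields[4])
        if findings:
            hits.append((fields[2], fields[4], findings))
    return hits
```

A check that splits the percent-decoded path on `/` without handling overlong forms sees `..%c0%af..` as one ordinary segment and misses the traversal, which is why the decode step comes first.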
Current thread:
- ping -i (TTL) Vulnerability -No Strezzz Cazzz (Feb 21)
- Re: ping -i (TTL) Vulnerability Damian Menscher (Feb 21)
- Re: ping -i (TTL) Vulnerability Jason Witty (Feb 21)
- Re: ping -i (TTL) Vulnerability Weiss, Bill (Feb 21)
- Re: ping -i (TTL) Vulnerability erasor (Feb 21)
- Re: ping -i (TTL) Vulnerability Knud Erik Højgaard - CyberCity Support (Feb 22)
- <Possible follow-ups>
- Re: ping -i (TTL) Vulnerability Jeff Oliver (Feb 21)
- Re: ping -i (TTL) Vulnerability Niels Vaes (Feb 21)
- Re: ping -i (TTL) Vulnerability Mark Villanova (Feb 21)
- Re: ping -i (TTL) Vulnerability Leo R. Lundgren (Feb 21)
- Re: ping -i (TTL) Vulnerability Reverend Lola (Feb 21)
- Re: ping -i (TTL) Vulnerability rpc (Feb 22)
- Re: ping -i (TTL) Vulnerability Reddog Hummer (Feb 22)
- Re: ping -i (TTL) Vulnerability -No Strezzz Cazzz (Feb 22)