Vulnerability Development mailing list archives

Re: ping -i (TTL) Vulnerability


From: Reverend Lola <reverend_lola () YAHOO COM>
Date: Wed, 21 Feb 2001 15:34:49 -0800

-----Original Message-----
From: Damian Menscher [mailto:menscher () UIUC EDU]
Sent: Wednesday, February 21, 2001 12:20 PM
To: VULN-DEV () SECURITYFOCUS COM
Subject: Re: ping -i (TTL) Vulnerability

%<-----SNIP----->%

No doubt that this would do absolutely nothing from a
remote location.

%<-----SNIP----->%

Actually, it does.

I used the Unicode bug to send the command to a remote
server (NT 4, SP6a, IIS4):
http://xx.xx.xx.xx/scripts/..%c0%af..%c0%af..%c0%af../winnt/system32/cmd.exe?/c+ping+-t+127.0.0.1+-i+0

CPU usage on the target server went to 100%, and
stayed there.  Task Manager showed ping.exe was using
a HUGE amount of system resources (this increased
memory usage by a bit as well).  I tried to stop
ping.exe, and could not.  Since ping.exe was started
by IIS, I then tried to stop the web server, but it
was not responding either.  The only way to stop it
was to reboot.

I'm sure the script kiddies will have fun with this
one.  :)
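
A defender-side check for the request pattern described in this post, as an added example that is not part of the original message: it scans web-server log lines for overlong two-byte UTF-8 escapes such as the `%c0%af` above, for `cmd.exe` in the path, and for a `ping ... -i 0` argument. The log layout, field order, client addresses and sample lines are constructed assumptions, as is the premise that the server logs the request as received, before decoding.

```python
import re
from urllib.parse import unquote_to_bytes

# Constructed sample lines (not real logs). Assumed field order:
# date time client-ip method uri-stem uri-query status
SAMPLE_LOG = """\
2001-02-21 23:30:01 192.0.2.10 GET /default.htm - 200
2001-02-21 23:31:12 192.0.2.44 GET /scripts/..%c0%af..%c0%af..%c0%af../winnt/system32/cmd.exe /c+ping+-t+127.0.0.1+-i+0 200
2001-02-21 23:32:40 192.0.2.10 GET /images/caf%c3%a9.gif - 200
2001-02-21 23:33:05 192.0.2.77 GET /scripts/..%C0%AF../winnt/system32/cmd.exe - 404
"""

def overlong_pairs(raw: bytes):
    """Return (offset, decoded_char) for each overlong 2-byte UTF-8 sequence.

    Lead bytes 0xC0 and 0xC1 are never legal in UTF-8: they can only encode
    code points below 0x80, which must be written as a single byte.
    """
    hits = []
    for i in range(len(raw) - 1):
        lead, cont = raw[i], raw[i + 1]
        if lead in (0xC0, 0xC1) and 0x80 <= cont <= 0xBF:
            hits.append((i, chr(((lead & 0x1F) << 6) | (cont & 0x3F))))
    return hits

def analyse(line: str):
    """Return a finding dict for a suspicious log line, or None if clean."""
    _date, _time, ip, _method, stem, query, status = line.split()
    reasons = []
    hits = overlong_pairs(unquote_to_bytes(stem))
    if hits:
        # Report which ASCII characters were hidden behind overlong escapes.
        reasons.append("overlong-utf8:" + "".join(sorted({c for _, c in hits})))
    if re.search(r"cmd\.exe$", stem, re.I):
        reasons.append("cmd.exe-in-path")
    if re.search(r"(^|\+)ping\+.*-i\+0(\+|$)", query, re.I):
        reasons.append("ping-ttl-0")
    return {"ip": ip, "status": status, "reasons": reasons} if reasons else None

def scan(log: str):
    """Analyse every line and keep only the findings."""
    return [finding for finding in map(analyse, log.splitlines()) if finding]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A finding with status 200 means the server processed the request rather than rejecting it, so those lines are the first to triage.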

