Vulnerability Development mailing list archives
Re: ping -i (TTL) Vulnerability
From: rpc <h () ckz org>
Date: Wed, 21 Feb 2001 21:51:12 UTC
On Wed, 21 Feb 2001 15:34:49 -0800, Reverend Lola said:
-----Original Message-----
>From: Damian Menscher [mailto:menscher () UIUC EDU]
>Sent: Wednesday, February 21, 2001 12:20 PM
>To: VULN-DEV () SECURITYFOCUS COM
>Subject: Re: ping -i (TTL) Vulnerability

%<-----SNIP----->%
>No doubt that this would do absolutely nothing from a remote location.
%<-----SNIP----->%

Actually, it does.

What you define below does not constitute a 'remote attack'. ping is still executing locally. This is completely unrelated. I could just as easily DoS the machine by creating 1e16 instances of minesweeper with remote command execution.

--rpc
I used the Unicode bug to send the command to a remote server (NT 4, SP6a, IIS4):

http://xx.xx.xx.xx/scripts/..%c0%af..%c0%af..%c0%af../winnt/system32/cmd.exe?/c+ping+-t+127.0.0.1+-i+0

CPU usage on the target server went to 100%, and stayed there. Task Manager showed ping.exe was using a HUGE amount of system resources (this increased memory usage by a bit as well).

I tried to stop ping.exe, and could not. Since ping.exe was started by IIS, I then tried to stop the web server, but it was not responding either. The only way to stop it was to reboot.

I'm sure the script kiddies will have fun with this one. :)
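For defenders reviewing web server logs for requests of the kind quoted above, the following is an added example and not part of the original thread. It assumes W3C extended log lines with a `#Fields:` directive; the sample lines, addresses and function names are constructed for illustration.

```python
import re
from urllib.parse import unquote_to_bytes

# Constructed sample log (documentation addresses; not data from the thread).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2001-02-21 20:01:10 192.0.2.10 GET /default.htm - 200
2001-02-21 20:01:12 192.0.2.77 GET /scripts/..%c0%af../winnt/system32/cmd.exe /c+ping+-t+127.0.0.1+-i+0 200
2001-02-21 20:01:15 192.0.2.10 GET /images/caf%c3%a9.gif - 200
2001-02-21 20:01:19 192.0.2.78 GET /scripts/..%c1%9c../winnt/system32/cmd.exe /c+dir 200
"""

OVERLONG = re.compile(rb"[\xc0\xc1][\x80-\xbf]")  # lead bytes valid UTF-8 never uses
SHELLS = re.compile(r"(?:^|/)(?:cmd|command)\.(?:exe|com)$", re.I)

def fold_overlong(raw):
    """Map overlong two-byte forms to the ASCII byte a non-strict decoder
    would produce, e.g. C0 AF -> '/' and C1 9C -> backslash."""
    return OVERLONG.sub(lambda m: bytes([((m[0][0] & 0x1F) << 6) | (m[0][1] & 0x3F)]), raw)

def classify(stem):
    """Return the reasons a request path looks suspicious (empty list if none)."""
    raw = unquote_to_bytes(stem)
    reasons = ["overlong-utf8"] if OVERLONG.search(raw) else []
    path = fold_overlong(raw).decode("latin-1").replace("\\", "/")
    if ".." in path.split("/"):
        reasons.append("traversal")
    if SHELLS.search(path):
        reasons.append("shell-binary")
    return reasons

def scan(log_text):
    """Yield (client, path, reasons) for every flagged request in the log."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            rec = dict(zip(fields, line.split()))
            reasons = classify(rec["cs-uri-stem"])
            if reasons:
                hits.append((rec["c-ip"], rec["cs-uri-stem"], reasons))
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

The legitimate `caf%c3%a9` request is not flagged because `C3 A9` is a well-formed two-byte sequence; only lead bytes `C0` and `C1`, which can only encode ASCII the long way, are treated as overlong.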