Vulnerability Development mailing list archives
Re: ping -i (TTL) Vulnerability
From: -No Strezzz Cazzz <Butterphly6 () cazzz demon nl>
Date: Thu, 22 Feb 2001 23:49:14 -0000
-----Original Message----- From: rpc <h () CKZ ORG> To: VULN-DEV () SECURITYFOCUS COM <VULN-DEV () SECURITYFOCUS COM> Date: Thursday, February 22, 2001 10:03 PM Subject: Re: ping -i (TTL) Vulnerability
On Wed, 21 Feb 2001 15:34:49 -0800, Reverend Lola said:-----Original Message----->From: Damian Menscher [mailto:menscher () UIUC EDU] >Sent: Wednesday, February 21, 2001 12:20 PM >To: VULN-DEV () SECURITYFOCUS COM >Subject: Re: ping -i (TTL) Vulnerability %<-----SNIP----->% >No doubt that this would do absolutely nothing from a remote location. %<-----SNIP----->% Actually, it does.What you define below does not constitute a 'remote attack'. ping is still executing locally. This is completely unrelated. I could just as easily DoS
the
machine by creating 1e16 instances of minesweeper with remote command execution.
I thought that when a bug could get triggered from a remote location the bug itself is considered a remote-bug. In this case its a remote aswell as a local bug. I want a p0ny... -No Strezzz Cazzz, Powered By UN0X
Current thread:
- Re: ping -i (TTL) Vulnerability, (continued)
- Re: ping -i (TTL) Vulnerability Weiss, Bill (Feb 21)
- Re: ping -i (TTL) Vulnerability erasor (Feb 21)
- Re: ping -i (TTL) Vulnerability Knud Erik Højgaard - CyberCity Support (Feb 22)
- Re: ping -i (TTL) Vulnerability Jeff Oliver (Feb 21)
- Re: ping -i (TTL) Vulnerability Niels Vaes (Feb 21)
- Re: ping -i (TTL) Vulnerability Mark Villanova (Feb 21)
- Re: ping -i (TTL) Vulnerability Leo R. Lundgren (Feb 21)
- Re: ping -i (TTL) Vulnerability Reverend Lola (Feb 21)
- Re: ping -i (TTL) Vulnerability rpc (Feb 22)
- Re: ping -i (TTL) Vulnerability Reddog Hummer (Feb 22)
- Re: ping -i (TTL) Vulnerability -No Strezzz Cazzz (Feb 22)