Bugtraq mailing list archives

Re: Solaris Ping bug (DoS)

From: matt () bikkle iac co jp (just me.)
Date: Thu, 26 Jun 1997 19:12:38 +0900


Works on my box-

SunOS myhost 5.5.1 Generic_103640-08 sun4m sparc SUNW,SPARCstation-20

-r-sr-xr-x   1 root     bin        18172 May  3  1996 /usr/sbin/ping

instant panic and reboot.

On Thu, 26 Jun 1997, Adam Caldwell wrote:

I briefly searched the bugtraq archives and didn't see this one, so here's a
way to reboot a Solaris box, and is exploitable by anyone with an account on
the system since ping is setuid root.

ping -sv -i 127.0.0.1 224.0.0.1

On solaris 2.5, causes the machine to reboot (personal experience).  I've
had independent reports of it crashing 2.5.1, and 2.5 (x86).  It probably works
on all versions of Solaris.

To "fix" the denial of service:
chmod go-x /usr/sbin/ping
if you don't mind disabling Ping on your system.




--matt () bikkle iac co jp--(MG406)-------------------------------------------
  Technical Operations                  "This is a truly bogus example."
  Internet Access Center Tokyo, Japan         -The Bat book, p.506

Current thread:

Re: [ADVISORY] 4.4BSD Securelevels Charles M. Hannum (Jun 25)
- Re: [ADVISORY] 4.4BSD Securelevels Thomas H. Ptacek (Jun 25)
- Solaris Ping bug (DoS) Adam Caldwell (Jun 25)
  - Re: Solaris Ping bug (DoS) Gnuchev Fedor (Jun 26)
  - Re: Solaris Ping bug (DoS) just me. (Jun 26)
  - Re: Solaris Ping bug (DoS) Francesco Messineo (Jun 26)
  - 'sec-fix' for NT 3.51 Aleph One (Jun 26)
  - Problem in dxterm (ULTRIX) Trevor Schroeder (Jun 26)
  - Re: Solaris Ping bug (DoS) Philip Kizer (Jun 26)
    - Solaris Ping bug(inetsvc) Renteria Tabares J. (Jun 27)
    - Announce: ypcat for Win NT/95 Aaron Spangler (Jun 27)
  - Re: Solaris Ping bug (DoS) Geoff Mulligan (Jun 27)
    - Win95 ping bug nomad () APOLLO TOMCO NET (Jun 29)
    - Re: Solaris Ping bug (DoS) Jon Edwards (Jun 30)
  - Alert: Routing and RAS Filtering issue Aleph One (Jun 27)

(Thread continues...)