Bugtraq mailing list archives
SUMMARY: Solaris Ping bug (DoS)
From: qwe () HT EIMB RSSI RU (Gnuchev Fedor)
Date: Fri, 27 Jun 1997 18:37:47 +0400
Good morning Aleph, I hope that following summary will stop ping discussion. I'd just removed extra water from responces. -------snip-snip------- Making a summary from recieved solutions I guess prize goes to Mark Henderson <mch () squirrel com> for the reason of closing the hole that ping 'pinged': From: Mark Henderson <mch () squirrel com> try /usr/sbin/ndd -set /dev/ip ip_respond_to_echo_broadcast 0 // should be added to /etc/init.d/inetinit to be permanent. ----------- From: John Mizzi <jmizzi () premenos com> From: Frank DENIS -Jedi/Sector One- <j () donald fr> From: Dan Bell <dbell () blaze cs jhu edu> From: George Turner <grturner () netcom com> From: "Matthew R. Potter" <mpotter () intr net> From: Mark Henderson <mch () squirrel com> From: Andrew <radak () yo fuh-q org> From: Joao Miguel Neves <jmne () rnl ist utl pt> other solutions: - use wrapper - use traceroute - compile BSD ping are included in no particular order: From: John Mizzi <jmizzi () premenos com> Yes, I can confirm this on Solaris 2.5.1 From: Frank DENIS -Jedi/Sector One- <j () donald fr>
Disabling ping??! Hope someone will devise more chewable solution :-)
Let your users use traceroute instead... From: George Turner <grturner () netcom com>
Disabling ping??! Hope someone will devise more chewable solution :-)
I'm doing the following for now: chmod 500 /usr/sin/ping mv /usr/sbin/ping /usr/sbin/ping.bug gcc -o ping wping.c chmod 4555 ping mv ping /usr/sbin --------------------------------wping.c--------------------------- #include <stdio.h> #include <unistd.h> char host[75]; main(int argc, char **argv) { switch (argc) { case 2: memset(host, '\0', sizeof(host)); strncpy(host, argv[1], sizeof(host)-1); execl("/usr/sbin/ping.bug", "ping", host, (char *)NULL); break; default: fprintf(stderr, "Options are currently disabled for non-root user.\n"); } } From: George Turner <grturner () netcom com> Subject: Re: Solaris Ping bug (DoS) Yeah, it's just stopgap, but most of my users do like to be able to ping places and almost never use any of the ping options. George From: "Matthew R. Potter" <mpotter () intr net> What about fixing the actuall kernel code, I assume it's the multicast stuff, or just disable it. Can u disable it on boot? From: Mark Henderson <mch () squirrel com> try /usr/sbin/ndd -set /dev/ip ip_respond_to_echo_broadcast 0 (only tested on a single 2.5.1 machine) qwe: Well, it does closes the hole on all 2.x I could reach - 2.4, 2.5, 2.5.1 From: Dan Bell <dbell () blaze cs jhu edu>
Disabling ping??! Hope someone will devise more chewable solution :-)
The only solution I've got (as I lack working code for ping), has actually been to use my ancient SunOS version in binary compatibility mode. It's a disgusting thing to do, but the old version doesn't have this bug. I've only applied this kludge on undergraduate machines, where I know they'll crash them just for the hell of it :). From: Andrew <radak () yo fuh-q org> I took the standard AUSCERT overflow wrapper and changed line 178 from: if (strlen(argv[i]) > MAXARGLEN) to: if (strcmp(argv[i],"-i") == 0) And thusly wrapped ping. I don't know if this is actually a 100% 'patch' (someone with better knowledge of C care to comment?), but it'll at least prevent the exploit as printed. (I figure non-root users shouldn't need to be able to specify interface anyway.) -Andrew From: Joao Miguel Neves <jmne () rnl ist utl pt> You can always do like me. I compiled the BSD ping and disabled the other. Joao Miguel Neves jmne () poboxes com ----------------------- With best regards Fedor Gnuchev mailto:qwe () ht eimb rssi ru
Current thread:
- Re: Solaris Ping bug (DoS), (continued)
- Re: Solaris Ping bug (DoS) Philip Kizer (Jun 26)
- Solaris Ping bug(inetsvc) Renteria Tabares J. (Jun 27)
- Announce: ypcat for Win NT/95 Aaron Spangler (Jun 27)
- Re: Solaris Ping bug (DoS) Geoff Mulligan (Jun 27)
- Win95 ping bug nomad () APOLLO TOMCO NET (Jun 29)
- Re: Solaris Ping bug (DoS) Jon Edwards (Jun 30)
- Alert: Routing and RAS Filtering issue Aleph One (Jun 27)
- Solaris Ping Bug and other [bc] oddities Aleph One (Jun 23)
- Re: Solaris Ping bug (DoS) Philip Kizer (Jun 26)
- Re: [ADVISORY] 4.4BSD Securelevels Howie Kaye (Jun 26)
- Re: [ADVISORY] 4.4BSD Securelevels Thomas H. Ptacek (Jun 26)
- SUMMARY: Solaris Ping bug (DoS) Gnuchev Fedor (Jun 27)
- Security hole affects many cvs pserver installations Aleph One (Jun 27)