Bugtraq mailing list archives
Re: Big problem on 2.0.x?
From: jason () INETARENA COM (Jason Mills)
Date: Mon, 13 Dec 1999 15:44:22 -0800
heres a simple patch for the -s stuff just using the same method as with -l:) --- netkit-base-0.10/ping/ping.c.orig Mon Dec 13 15:33:56 1999 +++ netkit-base-0.10/ping/ping.c Mon Dec 13 15:34:15 1999 @@ -302,6 +302,11 @@ options |= F_SO_DONTROUTE; break; case 's': /* size of packet to send */ + if (!am_i_root) { + (void)fprintf(stderr, + "ping: %s\n", strerror(EPERM)); + exit(2); + } datalen = atoi(optarg); if (datalen > MAXPACKET) { (void)fprintf(stderr, ------------------------------------- On Sat, 11 Dec 1999, Stephen White wrote:
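Review bot: in the 's' case the new root check runs before 'datalen = atoi(optarg);', so it refuses every -s value for unprivileged users, including small sizes far below the one reported in this thread to crash 2.0.x. Consider moving the check after the atoi() call and applying it only when datalen exceeds a conservative ceiling, such as the 32768 suggested elsewhere in the thread, so that only large sizes are reserved for root. The visible context tests only 'datalen > MAXPACKET', and atoi() reports no parse errors, so it is also worth confirming that negative or non-numeric arguments are rejected. As the quoted message notes, this limits what local users can do with this ping binary and leaves the kernel problem itself unfixed.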
Mike Ireton wrote:

I found that when u do a ping -s 65468 -R ANYIPADDRESS ( -R record route) the system starts to print on the screen kernel dumps, freezes completely and after few seconds the system reboots.

This can be 'fixed' (okay kludged around) by altering the

#define MAXPACKET (65536 - 60 - 8)/* max packet size */

line in ping.c

I've reduced it to 32K (32768) on my Linux 2.0.36 box, since that should avoid all possible problems (err on the side of caution and all that). I don't see users having any reason to need such large ping packets anyway (other than for the purpose of local or remote exploits).

For those using RedHat 5.2 I've made an SRPM and .i368 RPM containing my new ping and they are available via anon. ftp at ftp://ox.compsoc.net/users/swhite/ping/

You'll need to install with --force since the package reports the same version as the normal redhat5.2 one so RPM thinks it's already installed.

It has also been suggested that ping could be patched to make '-s' only available to root (like '-l' is), as an alternative solution. I haven't tried this but it should be a fairly simple modification.

Neither of these address the real problem in the kernel, but they do mean that sysadmins can go on allowing users to run ping without the worry of quite such a trivial DoS.

The same problem does not appear to occur in Linux 2.2, Windows 95 or Solaris 2.7.

--
Stephen White
OU Compsoc System Administration Team
<swhite () ox compsoc net>
http://www.ox.compsoc.net/~swhite/
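The two workarounds discussed above (a lower size ceiling, and reserving -s for root) can be combined so that ordinary users keep -s for small sizes. The following is an added example, not part of the original posts or of netkit: parse_datalen and USER_MAXPACKET are hypothetical names, and the 32768 ceiling is the figure suggested in the quoted message.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* MAXPACKET is the definition quoted in the thread; USER_MAXPACKET is an
 * assumed name for the 32K ceiling suggested there. */
#define MAXPACKET      (65536 - 60 - 8)
#define USER_MAXPACKET 32768

/* Hypothetical helper (not in netkit): parse a -s argument strictly and
 * apply a privilege-dependent ceiling. Returns 0 and stores the size in
 * *out, or EINVAL (malformed/negative), ERANGE (above MAXPACKET) or
 * EPERM (unprivileged caller above USER_MAXPACKET). */
int parse_datalen(const char *arg, int is_root, int *out)
{
    char *end;
    long v;

    if (arg == NULL || *arg == '\0')
        return EINVAL;
    errno = 0;
    v = strtol(arg, &end, 10);
    if (*end != '\0' || v < 0)
        return EINVAL;              /* trailing junk or negative size */
    if (errno == ERANGE || v > MAXPACKET)
        return ERANGE;              /* hard limit applies to everyone */
    if (!is_root && v > USER_MAXPACKET)
        return EPERM;               /* large sizes stay root-only */
    *out = (int)v;
    return 0;
}

int main(void)
{
    /* Constructed sample arguments, evaluated as an unprivileged user. */
    const char *samples[] = { "56", "32768", "40000", "70000", "-1", "12abc" };
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int len = 0;
        int rc = parse_datalen(samples[i], 0, &len);
        if (rc == 0)
            printf("-s %-6s accepted, datalen=%d\n", samples[i], len);
        else
            printf("-s %-6s rejected: %s\n", samples[i], strerror(rc));
    }
    return 0;
}
```

Unlike atoi(), the strtol() call with an end-pointer check rejects arguments such as "12abc" instead of silently reading them as 12.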