Vulnerability Development mailing list archives
Re: Local root through vulnerability in ping on linux.
From: Pedro Hugo <fractalg () HIGHSPEEDWEB NET>
Date: Sun, 20 Aug 2000 21:45:00 +0200
Hello, The original post author just sent me the command line he says to get the seg fault: ping -c 1 -s 65690 localhost I have tested on slackware 7 both with root and non root and none get seg fault. On RedHat 6.1 as normal user no seg fault occurs... With root you get seg fault after warning about packet size too big. Looks like his ping command was trojaned or something ;) Best Regards, Pedro Hugo Samu wrote:
On Sat, Aug 19, 2000 at 08:39:35PM +0200, Ralf-Philipp Weinmann wrote:On Sat, 19 Aug 2000, Gerrie wrote:Again some blackhats have a zeroday exploits in their hands. It's exploits a bug in the linux kernel by using ping, does someone have more info?i tried your ping on a debian woody i386 and it doesn't work again: there are two packages with ping for debian one in iputils-ping ( which has ping for ipv6 ) one in netkit-ping the ping in iputils-ping packages is more like "redhattish" ( broadcast ? then ping -b .... ARGHHH ) and it gives to user the capability to set ICMP packet size with -s . with the other packages ( a normal ping ) you can't if you aren't root to set your icmp packet size even it's suid root . ( and that to answer to ping flooding as user thread ) . none of the two "ping " give me DOS or kernel bug ( i tried on 2.2.16 and 2.4.0-test4 ) . i can suggest you to rm you old ping and use this one from debian cee ya samuele -- Samuele Tonon <samu () mclink it> Undergraduate Student of Computer Science at University of Bologna, Italy System administrator at Computer Science Lab's, University of Bologna, Italy Founder & Member of A.A.H.T. UIN 3155609 Acid -- better living through chemistry. Timothy Leary
-- -------------------------------------------- Pedro Hugo Director of Unix Server Administration HighSpeedWeb Support Team fractalg () highspeedweb net ICQ # 38178251 http://www.highspeedweb.net Genesis II Networks LLC --------------------------------------------
Current thread:
- Local root through vulnerability in ping on linux. Gerrie (Aug 19)
- Re: Local root through vulnerability in ping on linux. Ralf-Philipp Weinmann (Aug 19)
- Re: Local root through vulnerability in ping on linux. Gerrie (Aug 20)
- Re: Local root through vulnerability in ping on linux. Tymm Twillman (Aug 20)
- Re: Local root through vulnerability in ping on linux. Ralf-Philipp Weinmann (Aug 20)
- Re: Local root through vulnerability in ping on linux. Samu (Aug 20)
- Re: Local root through vulnerability in ping on linux. Pedro Hugo (Aug 20)
- Re: Local root through vulnerability in ping on linux. Peter Batenburg (Aug 21)
- Re: Local root through vulnerability in ping on linux. PatrickM (Aug 21)
- Re: Local root through vulnerability in ping on linux. Martin MaD Douda (Aug 21)
- Re: Local root through vulnerability in ping on linux. Gerrie (Aug 20)
- Re: Local root through vulnerability in ping on linux. Ralf-Philipp Weinmann (Aug 19)
- <Possible follow-ups>
- Re: Local root through vulnerability in ping on linux. Goense, Jacob (Aug 20)
- Re: Local root through vulnerability in ping on linux. Joe User (Aug 21)
- Re: Local root through vulnerability in ping on linux. Rodrigo Barbosa (aka morcego) (Aug 21)
- Re: Local root through vulnerability in ping on linux. Murvai-Buzogany Laszlo (Aug 21)
- Re: Local root through vulnerability in ping on linux. Michal Zalewski (Aug 21)
- Re: Local root through vulnerability in ping on linux. Daniel Jacobowitz (Aug 21)
- Re: Local root through vulnerability in ping on linux. Joe User (Aug 21)