Vulnerability Development mailing list archives

Re: Local root through vulnerability in ping on linux.


From: Pedro Hugo <fractalg () HIGHSPEEDWEB NET>
Date: Sun, 20 Aug 2000 21:45:00 +0200

Hello,
The original post author just sent me the command line he says produces the seg
fault:
ping -c 1 -s 65690  localhost
I have tested on Slackware 7 both as root and as non-root, and neither gets a seg fault.

On RedHat 6.1 as a normal user no seg fault occurs... As root you get a seg fault
after a warning about the packet size being too big.
Looks like his ping command was trojaned or something ;)
Best Regards,
Pedro Hugo

Samu wrote:

On Sat, Aug 19, 2000 at 08:39:35PM +0200, Ralf-Philipp Weinmann wrote:
On Sat, 19 Aug 2000, Gerrie wrote:

Again some blackhats have a zero-day exploit in their hands.

It exploits a bug in the Linux kernel by using ping, does someone have
more info?

I tried your ping on a Debian woody i386 and it doesn't work.
Again: there are two packages with ping for Debian,
one in iputils-ping (which has ping for IPv6),
one in netkit-ping.

The ping in the iputils-ping package is more "redhattish" (broadcast?
then ping -b .... ARGHHH) and it gives the user the ability to set the ICMP
packet size with -s.
With the other package (a normal ping) you can't set your ICMP packet size
if you aren't root, even though it's suid root.

(And that is in answer to the ping flooding as user thread.)

Neither of the two "ping"s gives me a DoS or kernel bug (I tried on 2.2.16 and
2.4.0-test4).

I can suggest you rm your old ping and use this one from Debian.

cee ya

samuele

--
Samuele Tonon  <samu () mclink it>
Undergraduate Student  of  Computer Science at  University of Bologna, Italy
System administrator at Computer Science Lab's, University of Bologna, Italy
Founder & Member of A.A.H.T.
UIN 3155609
                Acid -- better living through chemistry.
                               Timothy Leary

--
--------------------------------------------
Pedro Hugo
Director of Unix Server Administration
HighSpeedWeb Support Team
fractalg () highspeedweb net
ICQ # 38178251
http://www.highspeedweb.net
Genesis II Networks LLC
--------------------------------------------

