Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

bugtraq logo Bugtraq mailing list archives

Solaris 2.3 ndd bug
From: shaver () ingenia com (Mike Shaver)
Date: Mon, 6 Feb 1995 02:16:14 -0500 (EST)

I discovered a, er, shortcoming of /usr/sbin/ndd under Solaris 2.3 this
evening....

I was poking around, trying to learn more about the system I live in/with,
that sort of thing, when I tried:
/usr/sbin/ndd /dev/udp udp_status

Boom!  Instant kernel panic.

I'm logged in from remote, so I didn't get to see all the nice messages, but
this is the line in /var/adm/messages which seems relevant:

Feb  6 01:52:21 iron unix: panic: recursive mutex_enter. mutex fc0acb50 caller fc02dabc

I, um, reproduced it on another Solaris 2.3 system, so it seems like a real
bug.

And as I see it, this is a reasonably large one.
Not only does it show a less-than-complete run of testing of Sun's udp code
(I daren't try it with other devices until I have a test machine), but it
could theoretically present an interesting denial of service attack.

Anyone care to try it on 2.[24] or anything else w/ ndd?

Mike

-- 
                     Mike Shaver (shaver () ingenia com)
                  Systems Support and Technical Development
                          Research and Development
                    If it's not Linux, it's not my fault.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]