Bugtraq: Solaris Ping bug (DoS)

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

Solaris Ping bug (DoS)

From: adam () ATL ENI NET (Adam Caldwell)
Date: Thu, 26 Jun 1997 00:08:29 -0400


I briefly searched the bugtraq archives and didn't see this one, so here's a
way to reboot a Solaris box, and is exploitable by anyone with an account on
the system since ping is setuid root.

ping -sv -i 127.0.0.1 224.0.0.1

On solaris 2.5, causes the machine to reboot (personal experience).  I've
had independent reports of it crashing 2.5.1, and 2.5 (x86).  It probably works
on all versions of Solaris.

To "fix" the denial of service:
chmod go-x /usr/sbin/ping
if you don't mind disabling Ping on your system.

-Adam

By Date By Thread

Current thread:

Re: [ADVISORY] 4.4BSD Securelevels Charles M. Hannum (Jun 25)
- Re: [ADVISORY] 4.4BSD Securelevels Thomas H. Ptacek (Jun 25)
- Solaris Ping bug (DoS) Adam Caldwell (Jun 25)
  - Re: Solaris Ping bug (DoS) Gnuchev Fedor (Jun 26)
  - Re: Solaris Ping bug (DoS) just me. (Jun 26)
  - Re: Solaris Ping bug (DoS) Francesco Messineo (Jun 26)
  - 'sec-fix' for NT 3.51 Aleph One (Jun 26)
  - Problem in dxterm (ULTRIX) Trevor Schroeder (Jun 26)