Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

bugtraq logo Bugtraq mailing list archives

Re: sing (debian) vunlerability?
From: Moritz Muehlenhoff <jmm () debian org>
Date: Tue, 4 Dec 2007 22:11:46 +0100
Milen Rangelov wrote:

The sing utility (Send Nasty ICMP Garbage) is a ping replacement that
allows sending ICMP packets with spoofed source and custom ICMP
types/codes (http://sourceforge.net/projects/sing).

The debian package provides sing as a suid binary (actually,
the sid distribution asks the user whether he'd like it installed suid,
I'm not 100% sure, but in etch, it installs it suid, anyway, should
check).


Thanks for bringing this to our attention.

However, above statement is not correct. Both the sing packages in
Debian oldstable (Sarge) and Debian stable (Etch) do not provide a setuid
root binary by default. The override status is handled by debconf and
defaults to no:

|  For 'sing' to work for non-root users, it needs to be suid.                                                          
|                                                                                                                       
  
|  Please keep in mind that making 'sing' suid, allows non-root users to
|  send spoofed ICMP messages from your machine.  
|                                                                                                                       
  
|  If you don't know what that means, refuse to make it suid here, and
|  run 'sing' only as root.                         

Cheers,
        Moritz

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]