Vulnerability Development: Re: Local root through vulnerability in ping on linux.

[Tymm Twillman <tymm () COE MISSOURI EDU>]

just out of curiosity, what makes you think it was ping?  (and, following
that, that it wasn't a rootkit'd ping, or a local user's file named ping
that they managed to get suid'd through alternate routes)?

There have been problems with ping in the past but I haven't seen anything
lately.  and at least RedHat's version of ping, last I looked at it,
seemed pretty safe if I remember (although I think you mentioned a kernel
bug, which would make it likely not matter).  Also there aren't a lot of
options you can pass ping, only one where you can really pass a string,
and that's only 16 bytes, which would *probably* make it difficult to do
anything.  and you say it's local which cuts down a bit on the
possibilities, assuming a properly configured system...

definitely curious to hear if you find any further info on this.

Thanks,

-Tymm

On Sun, 20 Aug 2000, Gerrie wrote:

> ----- Original Message -----
> From: "Ralf-Philipp Weinmann"
> > On Sat, 19 Aug 2000, Gerrie wrote:
> >
> > > Again some blackhats have a zeroday exploits in their hands.
> > >
> > > It's exploits a bug in the linux kernel by using ping, does someone have
> > > more info?
> > Does that bug actually allow you to increase your privs or is it DoS
> > only ? What kernel versions are concerned ?
> No it's a exploit to gain root -all evidence point that way-.
>
> We haven't reconstructed the situation -yet- and don't have any trace of the
> exploit.
>
> The only fact there is that they had root, and it was a 2.2.16 kernel.
>
>
> gtx,
> Gerrie
> btw: didn't ADM have a zeroday ?