Re: Solaris Ping bug (DoS)

Philip Kizer (pckizer@nostrum.com)
Thu, 26 Jun 1997 12:24:57 -0500

Adam Caldwell <adam@ATL.ENI.NET> wrote:
>I briefly searched the bugtraq archives and didn't see this one, so here's a
>way to reboot a Solaris box, and it is exploitable by anyone with an account on
>the system since ping is setuid root.

For those with access, Sun seems to have Bug Id: 1226919 open on the issue.

>ping -sv -i 127.0.0.1 224.0.0.1
>
>On Solaris 2.5, causes the machine to reboot (personal experience). I've
>had independent reports of it crashing 2.5.1, and 2.5 (x86). It probably works
>on all versions of Solaris.
>
>To "fix" the denial of service:
>chmod go-x /usr/sbin/ping
>if you don't mind disabling Ping on your system.

In my quick testing, it seems that there is another workaround if:

1: You do not require multicast support, and
2: Have the opportunity to reboot your machine.

Just comment out the "route add 224.0.0.0 ..." in /etc/init.d/inetsvc and
reboot. Even just doing the 'route delete 224.0.0.0 ...' still allowed the
panic.

_________________________________________________________ Philip Kizer ______
pckizer@nostrum.com
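
Added example, not part of the original posts and not Sun's code: a POSIX shell check for the two workarounds discussed in this thread (group/other execute removed from ping, and the multicast "route add" line commented out in inetsvc). The function names, the sample line and its PLACEHOLDER arguments are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: check whether either workaround from this thread is in place.
# Usage: sh check.sh /usr/sbin/ping /etc/init.d/inetsvc

# 0 if group and other lack execute permission (chmod go-x), 1 if not,
# 2 if the file cannot be inspected.
ping_exec_restricted() {
    mode=$(ls -ld "$1" 2>/dev/null | awk '{print $1}')
    [ -n "$mode" ] || return 2
    # Mode string positions: 7 = group execute, 10 = other execute.
    case "$(printf '%s' "$mode" | cut -c7,10)" in
        [-S][-T]) return 0 ;;
        *) return 1 ;;
    esac
}

# 0 if an uncommented "route add ... 224.0.0.0" line is present, else 1.
multicast_route_configured() {
    sed 's/#.*//' "$1" 2>/dev/null |
        grep -E 'route[[:space:]]+add.*224\.0\.0\.0' >/dev/null
}

# Constructed sample, not a real inetsvc: the arguments after the address are
# a placeholder because the post elides them. $1 is "" (active) or "#".
sample_inetsvc() {
    printf '%s\n' '# multicast route' "$1route add 224.0.0.0 PLACEHOLDER"
}

# Returns 0 if at least one workaround is in place, 1 if neither is.
audit() {
    rc=1
    if ping_exec_restricted "$1"; then
        echo "ping: group/other execute removed"; rc=0
    else
        echo "ping: executable by group/other, or not inspectable"
    fi
    if multicast_route_configured "$2"; then
        echo "inetsvc: multicast route add line is active"
    elif [ -r "$2" ]; then
        # The file cannot show whether the host was rebooted after the edit;
        # per the post, deleting the route at runtime was not sufficient.
        echo "inetsvc: multicast route add line absent or commented out"; rc=0
    else
        echo "inetsvc: cannot read $2"
    fi
    return $rc
}

if [ "$#" -ge 2 ]; then audit "$1" "$2"; fi
```

The inetsvc check only reflects the boot-time configuration, so a host that has not been rebooted since the edit should still be treated as affected.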