Re: Solaris Ping bug (DoS)

Will Kempf (wgkempf@2access.com)
Fri, 27 Jun 1997 11:33:23 -0500

Not quite -- I have a Solaris 2.5.1 system which panics, but does not
have the multicast routing enabled. (Disabled as suggested below.)

Philip Kizer wrote:

> Adam Caldwell <adam@ATL.ENI.NET> wrote:
> >I briefly searched the bugtraq archives and didn't see this one, so here's a
> >way to reboot a Solaris box, and is exploitable by anyone with an account on
> >the system since ping is setuid root.
>
> For those with access, Sun seems to have Bug Id: 1226919 open on the issue.
>
> >ping -sv -i 127.0.0.1 224.0.0.1
> >
> >On Solaris 2.5, causes the machine to reboot (personal experience). I've
> >had independent reports of it crashing 2.5.1, and 2.5 (x86). It probably works
> >on all versions of Solaris.
> >
> >To "fix" the denial of service:
> >chmod go-x /usr/sbin/ping
> >if you don't mind disabling Ping on your system.
>
> In my quick testing, it seems that there is another workaround if:
>
> 1: You do not require multicast support, and
> 2: Have the opportunity to reboot your machine.
>
> Just comment out the "route add 224.0.0.0 ..." in /etc/init.d/inetsvc and
> reboot. Even just doing the 'route delete 224.0.0.0 ...' still allowed the
> panic.
>
> _________________________________________________________ Philip Kizer ______
> pckizer@nostrum.com
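
The two workarounds discussed in this thread (the `chmod go-x` on ping and commenting out the multicast route in `/etc/init.d/inetsvc`) can be audited with a short script. This is an added example, not part of any poster's message; the function names and the `PING_PATH`/`INETSVC_PATH` overrides are hypothetical, and because the reply at the top reports a panic with the route disabled, the route check is informational only.

```shell
#!/bin/sh
# Added example: audits the two workarounds discussed in the thread.

# mode_exposed MODE: succeeds when an `ls -l` mode string (e.g. -r-sr-xr-x)
# is setuid AND executable by group or other, i.e. chmod go-x was not applied.
mode_exposed() {
    case "$(printf '%s' "$1" | cut -c4)" in
        s|S) ;;
        *) return 1 ;;
    esac
    case "$(printf '%s' "$1" | cut -c7)$(printf '%s' "$1" | cut -c10)" in
        *[xst]*) return 0 ;;   # x, or lowercase s/t = special bit plus execute
    esac
    return 1
}

# file_exposed PATH: the same check against a real file's current mode.
file_exposed() {
    mode_exposed "$(ls -ld "$1" 2>/dev/null | cut -c1-10)"
}

# mcast_route_active FILE: succeeds when FILE still has an uncommented
# "route add 224.0.0.0" line. Assumption: '#' comments, optional quotes.
mcast_route_active() {
    sed 's/#.*//' "$1" 2>/dev/null |
        grep -Eq 'route[[:space:]]+add[[:space:]]+"?224\.0\.0\.0'
}

audit() {   # audit PING_PATH INETSVC_PATH
    if [ ! -e "$1" ]; then
        echo "skip: $1 not found"
    elif file_exposed "$1"; then
        echo "EXPOSED: $1 is setuid and runnable by group/other"
    else
        echo "ok: $1 is not a setuid binary runnable by group/other"
    fi
    if [ -r "$2" ] && mcast_route_active "$2"; then
        echo "info: $2 still adds the 224.0.0.0 route"
    else
        echo "info: no active 224.0.0.0 route line found in $2"
    fi
}

audit "${PING_PATH:-/usr/sbin/ping}" "${INETSVC_PATH:-/etc/init.d/inetsvc}"
```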