[12927] in bugtraq
Big problem on 2.0.x?
daemon@ATHENA.MIT.EDU (Eduardo Cruz)
Fri Dec 10 14:40:42 1999
Message-Id: <008e01bf4265$b5175ac0$dac1a6c3@tsg.com>
Date: Thu, 9 Dec 1999 10:51:45 -0600
Reply-To: Eduardo Cruz <eduardo.cruz@TS-G.COM>
From: Eduardo Cruz <eduardo.cruz@TS-G.COM>
X-To: BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM
Hello ppl.

Last week I was playing with my old linux 2.0.36 i486 box, while I was playing with the command ping and trying combinations of commands I found that when u do a ping -s 65468 -R ANYIPADDRESS (-R record route) the system starts to print kernel dumps on the screen, freezes completely and after a few seconds the system reboots.

The major problem with this (if this is a bug, because I don't have time to install different kernels and test it better) is that the command can be run by everyone, because you don't need root permissions to make a -R.

I tested this on a 2.0.35 and .36 (both slackware); when u try to do this on a 2.2.x the system prints out "message too long".
I think the problem is that there is a size-check missed when u reach the maximum packet size and u put the route information, but anyway I am not a guru on kernels.

So, now is time for the kernel experts :)
---------------------------------------------------------------------------
Eduardo Cruz - eduardo.cruz.@ts-g.com
Network Administrator
Telecomm Solutions Group
Tel: +350 74146 Fax: +350 41781
---------------------------------------------------------------
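
Added example, not part of the original post and not kernel code: the length arithmetic behind the size-check guess in the message above, with a check that ignores IP options beside one that counts them. It assumes ping -R fills the full 40-byte IPv4 option area and that the suspected missing check is of this form; all function and macro names are hypothetical.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

#define IP_MAXPACKET_LEN 65535u /* IPv4 total-length field is 16 bits */
#define IP_HDR_MIN       20u    /* IPv4 header without options */
#define ICMP_HDR_LEN     8u     /* ICMP echo header */
#define IP_MAX_OPT_LEN   40u    /* header-length field caps options at 40 bytes */

/* Record Route option: type, length, pointer, then 4 bytes per slot,
 * padded to a 4-byte boundary. Returns 0 if it cannot fit in the header. */
unsigned rr_option_len(unsigned slots)
{
    unsigned len = 3u + 4u * slots;
    len = (len + 3u) & ~3u;
    return len <= IP_MAX_OPT_LEN ? len : 0u;
}

/* Hypothetical weak check: bounds the payload but forgets the option bytes. */
int check_ignoring_options(size_t payload)
{
    return payload > IP_MAXPACKET_LEN - IP_HDR_MIN - ICMP_HDR_LEN ? -EMSGSIZE : 0;
}

/* Corrected check: option bytes reduce the room left for the payload. */
int check_with_options(size_t payload, unsigned optlen)
{
    if (optlen > IP_MAX_OPT_LEN)
        return -EINVAL;
    size_t room = IP_MAXPACKET_LEN - IP_HDR_MIN - optlen - ICMP_HDR_LEN;
    return payload > room ? -EMSGSIZE : 0;
}

int main(void)
{
    unsigned opt = rr_option_len(9);   /* nine slots: 39 bytes, padded to 40 */
    size_t sizes[] = { 65467, 65468 }; /* 65468 is the -s value from the post */
    for (size_t i = 0; i < 2; i++)
        printf("payload %zu: datagram %zu bytes, ignoring options=%d, counting options=%d\n",
               sizes[i], IP_HDR_MIN + opt + ICMP_HDR_LEN + sizes[i],
               check_ignoring_options(sizes[i]),
               check_with_options(sizes[i], opt));
    return 0;
}
```

With 40 option bytes, a 65468-byte payload makes the datagram 65536 bytes, one more than the IPv4 length field can express; the check that counts options rejects it with EMSGSIZE, whose message text is "Message too long".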