[4801] in bugtraq
Solaris Ping bug (DoS)
daemon@ATHENA.MIT.EDU (Adam Caldwell)
Thu Jun 26 03:22:10 1997
Date: Thu, 26 Jun 1997 00:08:29 -0400
Reply-To: Adam Caldwell <adam@ATL.ENI.NET>
From: Adam Caldwell <adam@ATL.ENI.NET>
To: BUGTRAQ@NETSPACE.ORG
I briefly searched the bugtraq archives and didn't see this one, so here's a
way to reboot a Solaris box, and is exploitable by anyone with an account on
the system since ping is setuid root.
ping -sv -i 127.0.0.1 224.0.0.1
On solaris 2.5, causes the machine to reboot (personal experience). I've
had independent reports of it crashing 2.5.1, and 2.5 (x86). It probably works
on all versions of Solaris.
To "fix" the denial of service:
chmod go-x /usr/sbin/ping
if you don't mind disabling Ping on your system.
-Adam
