[4802] in bugtraq
Re: Solaris Ping bug (DoS)
daemon@ATHENA.MIT.EDU (Francesco Messineo)
Thu Jun 26 12:51:06 1997
Date: Thu, 26 Jun 1997 13:58:19 +0200
Reply-To: Francesco Messineo <frank@SUN01.CCII.UNIPI.IT>
From: Francesco Messineo <frank@SUN01.CCII.UNIPI.IT>
X-To: Adam Caldwell <adam@ATL.ENI.NET>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <19970626000829.28333@atl.eni.net>
On Thu, 26 Jun 1997, Adam Caldwell wrote:
> I briefly searched the bugtraq archives and didn't see this one, so here's a
> way to reboot a Solaris box, and is exploitable by anyone with an account on
> the system since ping is setuid root.
>
> ping -sv -i 127.0.0.1 224.0.0.1
>
> On solaris 2.5, causes the machine to reboot (personal experience). I've
> had independent reports of it crashing 2.5.1, and 2.5 (x86). It probably works
> on all versions of Solaris.
It crashed SunOs 5.3 on a sparc10.
>
> To "fix" the denial of service:
> chmod go-x /usr/sbin/ping
> if you don't mind disabling Ping on your system.
>
> -Adam
>
Regards
-fm
