[905] in bugtraq
Solaris 2.3 ndd bug
daemon@ATHENA.MIT.EDU (Mike Shaver)
Mon Feb 6 03:05:26 1995
From: shaver@ingenia.com (Mike Shaver)
To: bugtraq@fc.net
Date: Mon, 6 Feb 1995 02:16:14 -0500 (EST)
I discovered a, er, shortcoming of /usr/sbin/ndd under Solaris 2.3 this
evening....

I was poking around, trying to learn more about the system I live in/with,
that sort of thing, when I tried:

    /usr/sbin/ndd /dev/udp udp_status

Boom! Instant kernel panic.

I'm logged in from remote, so I didn't get to see all the nice messages, but
this is the line in /var/adm/messages which seems relevant:

    Feb 6 01:52:21 iron unix: panic: recursive mutex_enter. mutex fc0acb50 caller fc02dabc

I, um, reproduced it on another Solaris 2.3 system, so it seems like a real
bug.

And as I see it, this is a reasonably large one.
Not only does it show a less-than-complete run of testing of Sun's udp code
(I daren't try it with other devices until I have a test machine), but it
could theoretically present an interesting denial of service attack.

Anyone care to try it on 2.[24] or anything else w/ ndd?
Mike
--
Mike Shaver (shaver@ingenia.com)
Systems Support and Technical Development
Research and Development
If it's not Linux, it's not my fault.