[plug] local DoS with ping -R
Matt Kemner
zombie at networx.net.au
Mon Dec 13 09:01:51 WST 1999
Warning for anybody who is running 2.0 and has lusers they can't trust.
(I disabled -s on the ping binaries on my systems a while ago, to stop
people pingflooding each other. It stops this attack too)
- Matt
---------- Forwarded message ----------
Date: Thu, 9 Dec 1999 10:51:45 -0600
From: Eduardo Cruz <eduardo.cruz at TS-G.COM>
To: BUGTRAQ at SECURITYFOCUS.COM
Subject: Big problem on 2.0.x?
Hello ppl.
Last week I was playing with my old Linux 2.0.36 i486 box. While I was playing with the command ping and trying combinations of commands,
I found that when u do a ping -s 65468 -R ANYIPADDRESS (-R record route) the system starts to print kernel dumps on the screen,
freezes completely and after a few seconds the system reboots.
The major problem with this (if this is a bug, because I don't have time to install different kernels and test it better) is that the command can be run by everyone,
because you don't need root permissions to do a -R.
I tested this on 2.0.35 and .36 (both Slackware); when u try to do this on a 2.2.x the system prints out "message too long".
I think the problem is that there is a missing size check when u reach the maximum packet size and u put in the route information, but anyway
I am not a guru on kernels.
So, now is time for the kernel experts :)
---------------------------------------------------------------------------
Eduardo Cruz - eduardo.cruz. at ts-g.com
Network Administrator
Telecomm Solutions Group
Tel: +350 74146 Fax: +350 41781
---------------------------------------------------------------
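
The size arithmetic behind the hypothesis in the forwarded message, as an added example that is not part of the original post and not kernel code. It assumes that ping -R sets 40 bytes of IP options (a 39-byte Record Route option plus one NOP), which is what common ping implementations do; the function names are hypothetical.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

#define IP_MAX_TOTAL  65535u /* IPv4 Total Length is a 16-bit field */
#define IP_BASE_HDR   20u    /* IPv4 header without options */
#define IP_MAX_OPTS   40u    /* IHL is 4 bits: 15 * 4 - 20 bytes of options */
#define ICMP_ECHO_HDR 8u     /* ICMP echo header */

/* IP options are padded to a 32-bit boundary. */
unsigned padded_opts(unsigned optlen)
{
    return (optlen + 3u) & ~3u;
}

/* Largest echo payload that still fits in one IPv4 datagram; 0 if options are invalid. */
size_t max_echo_payload(unsigned optlen)
{
    unsigned opts = padded_opts(optlen);
    if (opts > IP_MAX_OPTS)
        return 0;
    return IP_MAX_TOTAL - IP_BASE_HDR - opts - ICMP_ECHO_HDR;
}

/* The check a sender has to make before building the datagram.
 * Returns 0 if it fits, -EINVAL for oversized options, and
 * -EMSGSIZE ("Message too long") if header + options + payload
 * would exceed 65535 bytes. */
int check_echo_len(size_t payload, unsigned optlen)
{
    unsigned opts = padded_opts(optlen);
    if (opts > IP_MAX_OPTS)
        return -EINVAL;
    /* Compare against the remaining room so the sum cannot wrap. */
    if (payload > IP_MAX_TOTAL - (IP_BASE_HDR + opts + ICMP_ECHO_HDR))
        return -EMSGSIZE;
    return 0;
}

int main(void)
{
    /* 40 = assumed option bytes for -R (39-byte RR option + 1 NOP). */
    printf("max payload without options: %zu\n", max_echo_payload(0));
    printf("max payload with -R options: %zu\n", max_echo_payload(40));
    printf("-s 65468, no options: %d\n", check_echo_len(65468, 0));
    printf("-s 65468 with -R:     %d\n", check_echo_len(65468, 40));
    return 0;
}
```

Under that assumption, 65468 is the smallest payload that passes a check made without the options but fails once the 40 option bytes are counted (20 + 40 + 8 + 65468 = 65536).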