Solaris local ping DOS attack

Summary
Description:You can reboot solaris boxes with ping -sv -i 127.0.0.1 224.0.0.1
Author:Adam Caldwell <adam@ATL.ENI.NET>
Compromise:Stupid DOS attack, plus you need to be a local user.
Vulnerable Systems:Apparently all versions of Solaris up to (but not including) 2.6
Date:26 June 1997
Details


Date: Thu, 26 Jun 1997 00:08:29 -0400
From: Adam Caldwell <adam@ATL.ENI.NET>
To: BUGTRAQ@NETSPACE.ORG
Subject: Solaris Ping bug (DoS)

I briefly searched the bugtraq archives and didn't see this one, so here's a
way to reboot a Solaris box, and is exploitable by anyone with an account on
the system since ping is setuid root.

ping -sv -i 127.0.0.1 224.0.0.1

On solaris 2.5, causes the machine to reboot (personal experience).  I've
had independent reports of it crashing 2.5.1, and 2.5 (x86).  It probably works
on all versions of Solaris.

To "fix" the denial of service:
chmod go-x /usr/sbin/ping
if you don't mind disabling Ping on your system.

-Adam

More Exploits!

The master index of all exploits is available here (Very large file)
Or you can pick your favorite operating system:
All OS's Linux Solaris/SunOS Micro$oft
*BSD Macintosh AIX IRIX
ULTRIX/Digital UNIX HP/UX SCO Remote exploits

This page is part of Fyodor's exploit world. For a free program to automate scanning your network for vulnerable hosts and services, check out my network mapping tool, nmap. Or try these Insecure.Org resouces:

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]