SunOS 4.1.4 crashes when (l)users read /dev/tcx0

Summary
Description: Sparcstations running 4.1.4 (probably other versions too) crash when users read /dev/tcx0 with something like 'cat'. Note that this is a VERY general problem. There are a lot of devices on many systems that will crash if you do weird things to them, especially cat'ing binary files to them. I am not going to write up a page on each.
Author: Dixon Ly <dly@BAYNETWORKS.COM> mentioned this particular problem.
Compromise: DoS attack, obviously annoys people. You could also do more devious things, such as taking down the machine so you can IP spoof "from" it without it sending those damn RSTs!
Vulnerable Systems: Sparc 5, 10, 20, etc. running SunOS 4.1.4, probably other versions.
Date: 19 May 1997
Details


Date: Mon, 19 May 1997 19:29:20 -0700
From: Dixon Ly <dly@BAYNETWORKS.COM>
To: BUGTRAQ@NETSPACE.ORG
Subject: /dev/tcx0 crashes SunOS 4.1.4 on Sparc 20's

A while ago, I asked on Sun Managers group who I should tell about
a crash bug I found on Sparc 20's running SunOS 4.1.4.  The general
consensus was not to tell anyone except maybe send a message to CERT.
So I did.  Since then more people have suggested that I should send
it to Bugtraqs as well....so while I still have messages sprouting
from my previous email address reminding me this, let me post it before
I cut everything off:

If you try to read /dev/tcx0 on a SunOS 4.1.4 Sparc 20 (it didn't
work on a 10; didn't have access to a Sparc 5, so I couldn't check
that), you will cause a system panic.  How do you read it, you ask?
Simply "cat /dev/tcx0" or "ls /dev/tcx0/*".  You don't need special
privileges to use it.

Now, I have never own'ed a tcx frame buffer.  These only exist on Sparc 5
right?  So I don't know what will happen if you do have a tcx device.
If you don't, then the simplest fix is to just remove the darn entry under
/dev.

-d






--

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
     Dixon Ly -- Release Test Engineering -- Bay Networks, Inc.
            dly@BayNetworks.com       (408) 495-1396
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
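
An added example, not part of the original post or of this archive page: a shell audit that reports whether the node named in the report exists and is readable by any local user, and lists the other world-readable character devices in a directory. It uses only stat-level metadata, so no device is ever opened; the function names and the default path are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit device nodes from metadata only. Nothing here open()s a
# node; `ls -ld` and `test -c` use stat(2), which does not call the driver.

# node_exposure PATH -> prints: absent | world-readable | restricted
node_exposure() {
    # -L reports the target of a symlink rather than the link itself.
    line=`ls -ldL "$1" 2>/dev/null` || { echo absent; return 0; }
    # Mode string layout: type, user rwx, group rwx, other rwx.
    # Character 8 is the "other" read bit.
    bit=`printf '%s\n' "$line" | cut -c8`
    if [ "$bit" = r ]; then
        echo world-readable
    else
        echo restricted
    fi
}

# world_readable_chardevs DIR -> one path per line for each character device
# in DIR that any local user may open for reading.
world_readable_chardevs() {
    # The glob reads the directory DIR itself; it never uses a device node as
    # a path component (the "ls /dev/tcx0/*" form in the report does).
    for f in "$1"/*; do
        [ -c "$f" ] || continue
        state=`node_exposure "$f"`
        if [ "$state" = world-readable ]; then
            echo "$f"
        fi
    done
    return 0
}

# Node named in the report; pass another path as the first argument.
target=${1:-/dev/tcx0}
state=`node_exposure "$target"`
echo "$target: $state"
# "world-readable" on a host with no tcx frame buffer is the case the
# report's fix (removing the entry under /dev) applies to.
```

Calling `world_readable_chardevs /dev` gives the list of nodes to review against the hardware actually installed.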

This page is part of Fyodor's exploit world.