Sparcstations running 4.1.4 (probably other versions too) crash when users read /dev/tcx0 with something like 'cat'. Not that this is a VERY generall problem. There are a lot of devices on many devices that will crash if you do wierd things to them. Especially cat'ing binary files to them. I am not going to write up a page on each.
Dixon Ly <dly@BAYNETWORKS.COM> mentioned this particular problem.
DOS attack, obviously annoy people. You could also do more devious thing, taking down the machine so you can IP spoof "from" it without it sending thos damn RST's!
Sparc 5,10,20,etc. running SunOS 4.1.4 probably other versions.
19 May 1997
Date: Mon, 19 May 1997 19:29:20 -0700
From: Dixon Ly <dly@BAYNETWORKS.COM>
Subject: /dev/tcx0 crashes SunOS 4.1.4 on Sparc 20's
A while ago, I asked on Sun Managers group who I should tell about
a crash bug I found on Sparc 20's running SunOS 4.1.4. The general
consensus was not to tell anyone except maybe send a message to CERT.
So I did. Since then more people have suggested that I should send
it to Bugtraqs as well....so while I still have messages sprouting
from my previous email address reminding me this, let me post it before
I cut everything off:
If you try to read /dev/tcx0 on a SunOS 4.1.4 Sparc 20 (it didn't
work on a 10; didn't have access to a Sparc 5, so I couldn't check
that), you will cause a system panic. How do you read it, you ask?
Simply "cat /dev/tcx0" or "ls /dev/tcx0/*". You don't need special
privileges to use it.
Now, I have never own'ed a tcx frame buffer. These only exist on Sparc 5
right? So I don't know what will happen if you do have a tcx device.
If you don't, then the simplest fix is to just remove the darn entry under
Dixon Ly -- Release Test Engineering -- Bay Networks, Inc.
dly@BayNetworks.com (408) 495-1396
The master index of all exploits is available
here (Very large file)
Or you can pick your favorite operating system:
This page is part of Fyodor's exploit
For a free program to automate scanning your network for vulnerable
hosts and services, check out my network mapping tool, nmap. Or try these Insecure.Org resouces: