SunOS 4.1.4 crashes when (l)users read /dev/tcx0
|Description:||Sparcstations running 4.1.4 (probably other versions too) crash when users read /dev/tcx0 with something like 'cat'. Not that this is a VERY generall problem. There are a lot of devices on many devices that will crash if you do wierd things to them. Especially cat'ing binary files to them. I am not going to write up a page on each.|
|Author:||Dixon Ly <dly@BAYNETWORKS.COM> mentioned this particular problem.|
|Compromise:||DOS attack, obviously annoy people. You could also do more devious thing, taking down the machine so you can IP spoof "from" it without it sending thos damn RST's!|
|Vulnerable Systems:||Sparc 5,10,20,etc. running SunOS 4.1.4 probably other versions. |
|Date:||19 May 1997 |
Date: Mon, 19 May 1997 19:29:20 -0700
From: Dixon Ly <dly@BAYNETWORKS.COM>
Subject: /dev/tcx0 crashes SunOS 4.1.4 on Sparc 20's
A while ago, I asked on Sun Managers group who I should tell about
a crash bug I found on Sparc 20's running SunOS 4.1.4. The general
consensus was not to tell anyone except maybe send a message to CERT.
So I did. Since then more people have suggested that I should send
it to Bugtraqs as well....so while I still have messages sprouting
from my previous email address reminding me this, let me post it before
I cut everything off:
If you try to read /dev/tcx0 on a SunOS 4.1.4 Sparc 20 (it didn't
work on a 10; didn't have access to a Sparc 5, so I couldn't check
that), you will cause a system panic. How do you read it, you ask?
Simply "cat /dev/tcx0" or "ls /dev/tcx0/*". You don't need special
privileges to use it.
Now, I have never own'ed a tcx frame buffer. These only exist on Sparc 5
right? So I don't know what will happen if you do have a tcx device.
If you don't, then the simplest fix is to just remove the darn entry under
Dixon Ly -- Release Test Engineering -- Bay Networks, Inc.
dly@BayNetworks.com (408) 495-1396
The master index of all exploits is available
here (Very large file)
Or you can pick your favorite operating system:
This page is part of Fyodor's exploit
For a free program to automate scanning your network for vulnerable
hosts and services, check out my network mapping tool, nmap. Or try these Insecure.Org resources: