Subject: Re: Local root through vulnerability in ping on linux.
From: Samu (samuMCLINK.IT)
Date: Sun Aug 20 2000 - 11:29:59 CDT


On Sat, Aug 19, 2000 at 08:39:35PM +0200, Ralf-Philipp Weinmann wrote:
> On Sat, 19 Aug 2000, Gerrie wrote:
>
> > Again some blackhats have a zero-day exploit in their hands.
> >
> > It exploits a bug in the Linux kernel by using ping; does someone have
> > more info?
> >
i tried your ping on a debian woody i386 and it doesn't work
again: there are two packages with ping for debian
one in iputils-ping ( which has ping for ipv6 )
one in netkit-ping

the ping in the iputils-ping package is more "redhattish" ( broadcast ?
then ping -b .... ARGHHH ) and it gives the user the capability to set the ICMP
packet size with -s .
with the other package ( a normal ping ) you can't set your ICMP packet size
if you aren't root, even though it's suid root .

( and that is to answer the "ping flooding as user" thread ) .

neither of the two "ping"s gives me a DoS or kernel bug ( i tried on 2.2.16 and
2.4.0-test4 ) .

i can suggest you rm your old ping and use this one from debian

cee ya

samuele

--
Samuele Tonon  <samumclink.it>
Undergraduate Student  of  Computer Science at  University of Bologna, Italy
System administrator at Computer Science Lab's, University of Bologna, Italy
Founder & Member of A.A.H.T.
UIN 3155609
          	Acid -- better living through chemistry.
			       Timothy Leary