

Big problem on 2.0.x?


Date: Mon, 13 Dec 1999 15:44:22 -0800
From: Jason Mills <jason@INETARENA.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
Subject: Re: Big problem on 2.0.x?

Here's a simple patch for the -s stuff, just using the same method as with
-l :)

--- netkit-base-0.10/ping/ping.c.orig   Mon Dec 13 15:33:56 1999
+++ netkit-base-0.10/ping/ping.c        Mon Dec 13 15:34:15 1999
@@ -302,6 +302,11 @@
                        options |= F_SO_DONTROUTE;
                        break;
                case 's':               /* size of packet to send */
+                       if (!am_i_root) {
+                               (void)fprintf(stderr,
+                                   "ping: %s\n", strerror(EPERM));
+                               exit(2);
+                       }
                        datalen = atoi(optarg);
                        if (datalen > MAXPACKET) {
                                (void)fprintf(stderr,
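Review bot: The am_i_root check at the top of case 's' runs before datalen is parsed, so it refuses every -s value for unprivileged users, including small sizes that are harmless. Consider moving it below `datalen = atoi(optarg);` and applying it only above a conservative threshold, so ordinary users keep -s for small packets. Separately, atoi() reports no error on non-numeric input, and the only bound visible in this hunk is `datalen > MAXPACKET`, so a negative datalen is not rejected by the lines shown here; strtol() with an explicit lower bound would cover both.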

-------------------------------------

On Sat, 11 Dec 1999, Stephen White wrote:

> Mike Ireton wrote:
> > > I found that when you do a ping -s 65468 -R  ANYIPADDRESS (-R record
> > > route) the system starts to print kernel dumps on the screen,
> > > freezes completely and after a few seconds the system reboots.
>
> This can be 'fixed' (okay kludged around) by altering the
>
> #define      MAXPACKET       (65536 - 60 - 8)/* max packet size */
>
> line in ping.c
>
> I've reduced it to 32K (32768) on my Linux 2.0.36 box, since that should
> avoid all possible problems (err on the side of caution and all that). I
> don't see users having any reason to need such large ping packets anyway
> (other than for the purpose of local or remote exploits).
>
> For those using RedHat 5.2 I've made an SRPM and .i386 RPM containing my
> new ping and they are available via anon. ftp at
>
> ftp://ox.compsoc.net/users/swhite/ping/
>
> You'll need to install with --force since the package reports the same
> version as the normal redhat5.2 one so RPM thinks it's already
> installed.
>
> It has also been suggested that ping could be patched to make '-s' only
> available to root (like '-l' is), as an alternative solution.  I haven't
> tried this but it should be a fairly simple modification.
>
> Neither of these address the real problem in the kernel, but they do
> mean that sysadmins can go on allowing users to run ping without the
> worry of quite such a trivial DoS.
>
> The same problem does not appear to occur in Linux 2.2, Windows 95 or
> Solaris 2.7.
>
> --
> Stephen White                   OU Compsoc System Administration Team
> <swhite@ox.compsoc.net>            http://www.ox.compsoc.net/~swhite/
>
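The two workarounds discussed in this thread (a lower size ceiling and a root-only restriction) can be combined so that unprivileged users keep -s for small packets. The following is an added example, not code from netkit or from either poster; the helper name `parse_packet_size` and the `UNPRIV_MAX` value are assumptions, and like both workarounds it does not address the kernel problem itself.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAXPACKET  (65536 - 60 - 8) /* hard ceiling, as in the quoted ping.c */
#define UNPRIV_MAX 32768            /* assumed non-root cap (the 32K from the thread) */

/* Hypothetical helper: returns the packet size, or a negative errno value. */
int parse_packet_size(const char *arg, int is_root)
{
    char *end;
    long v;

    if (arg == NULL || *arg == '\0')
        return -EINVAL;
    errno = 0;
    v = strtol(arg, &end, 10);
    if (errno == ERANGE || *end != '\0')
        return -EINVAL;             /* overflow or trailing junk; atoi() hides both */
    if (v < 0 || v > MAXPACKET)
        return -ERANGE;             /* never valid, whoever asks */
    if (!is_root && v > UNPRIV_MAX)
        return -EPERM;              /* large sizes stay root-only */
    return (int)v;
}

int main(void)
{
    /* Constructed sample arguments, not taken from a real session. */
    const char *samples[] = { "56", "1472", "32769", "65468", "65469", "-1", "12abc" };
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int user = parse_packet_size(samples[i], 0);
        int root = parse_packet_size(samples[i], 1);
        printf("%-6s user=%-22s root=%s\n", samples[i],
               user < 0 ? strerror(-user) : "ok",
               root < 0 ? strerror(-root) : "ok");
    }
    return 0;
}
```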
