Re: Big problem on 2.0.x?

From: Jason Mills (jasonat_private)
Date: Mon Dec 13 1999 - 15:44:22 PST


    here's a simple patch for the -s stuff just using the same method as with
    -l :)
    
    --- netkit-base-0.10/ping/ping.c.orig   Mon Dec 13 15:33:56 1999
    +++ netkit-base-0.10/ping/ping.c        Mon Dec 13 15:34:15 1999
    @@ -302,6 +302,11 @@
                            options |= F_SO_DONTROUTE;
                            break;
                    case 's':               /* size of packet to send */
    +                       if (!am_i_root) {
    +                               (void)fprintf(stderr,
    +                                   "ping: %s\n", strerror(EPERM));
    +                               exit(2);
    +                       }
                            datalen = atoi(optarg);
                            if (datalen > MAXPACKET) {
                                    (void)fprintf(stderr,
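    Review bot: the new check rejects -s for every non-root user outright, which is stricter than the thread's other suggestion of a lower MAXPACKET; if unprivileged ping with a small -s should keep working, gate only values above a safe bound (the 32K figure quoted in this thread) rather than the option itself. Also, the context lines that follow, `datalen = atoi(optarg);` and `if (datalen > MAXPACKET)`, still accept negative or non-numeric input, since atoi() reports neither and only the upper bound is checked; a strtol() parse with an explicit lower bound would close that for root as well.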
    
    -------------------------------------
    
    On Sat, 11 Dec 1999, Stephen White wrote:
    
    > Mike Ireton wrote:
    > > > I found that when u do a ping -s 65468 -R  ANYIPADDRESS ( -R record
    > > > route) the system starts to print on the screen kernel dumps,
    > > > freezes completely and after few seconds the system reboots.
    >
    > This can be 'fixed' (okay kludged around) by altering the
    >
    > #define      MAXPACKET       (65536 - 60 - 8)/* max packet size */
    >
    > line in ping.c
    >
    > I've reduced it to 32K (32768) on my Linux 2.0.36 box, since that should
    > avoid all possible problems (err on the side of caution and all that). I
    > don't see users having any reason to need such large ping packets anyway
    > (other than for the purpose of local or remote exploits).
    >
    > For those using RedHat 5.2 I've made an SRPM and .i386 RPM containing my
    > new ping and they are available via anon. ftp at
    >
    > ftp://ox.compsoc.net/users/swhite/ping/
    >
    > You'll need to install with --force since the package reports the same
    > version as the normal redhat5.2 one so RPM thinks it's already
    > installed.
    >
    > It has also been suggested that ping could be patched to make '-s' only
    > available to root (like '-l' is), as an alternative solution.  I haven't
    > tried this but it should be a fairly simple modification.
    >
    > Neither of these address the real problem in the kernel, but they do
    > mean that sysadmins can go on allowing users to run ping without the
    > worry of quite such a trivial DoS.
    >
    > The same problem does not appear to occur in Linux 2.2, Windows 95 or
    > Solaris 2.7.
    >
    > --
    > Stephen White                   OU Compsoc System Administration Team
    > <swhiteat_private>            http://www.ox.compsoc.net/~swhite/
    >
    
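    The two mitigations discussed in this thread (a smaller MAXPACKET and a root-only restriction on oversize -s) combined into one argument validator, as an added example that is not Jason Mills's patch or netkit code; the MAXPACKET value, USER_MAX_DATALEN, and parse_datalen are assumptions.

```c
/* Added example, not from netkit ping: validate the "-s" argument with
 * strtol() instead of atoi(), so negative, non-numeric and out-of-range
 * input is rejected, and only root may exceed an unprivileged cap. */
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#define MAXPACKET        32768   /* reduced ceiling, as suggested in the thread */
#define USER_MAX_DATALEN 1024    /* assumed cap for unprivileged users */

/* Returns the validated data length, or -1 with errno set on rejection. */
int parse_datalen(const char *arg, int am_i_root)
{
    char *end;
    long val;

    errno = 0;
    val = strtol(arg, &end, 10);
    /* reject empty input, trailing garbage and values atoi() would mangle */
    if (arg[0] == '\0' || *end != '\0' || errno == ERANGE ||
        val < 0 || val > INT_MAX) {
        errno = EINVAL;
        return -1;
    }
    if (val > MAXPACKET) {
        errno = EMSGSIZE;   /* too big for anyone, root included */
        return -1;
    }
    if (!am_i_root && val > USER_MAX_DATALEN) {
        errno = EPERM;      /* oversize -s reserved for root, like -l */
        return -1;
    }
    return (int)val;
}

/* Stand-alone check: ./a.out <size>; exits 2 on rejection as ping does. */
int main(int argc, char **argv)
{
    int datalen;
    if (argc != 2) { fprintf(stderr, "usage: %s size\n", argv[0]); return 2; }
    datalen = parse_datalen(argv[1], getuid() == 0);
    if (datalen < 0) { fprintf(stderr, "ping: %s\n", strerror(errno)); return 2; }
    printf("datalen=%d\n", datalen);
    return 0;
}
```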