Re: Possible Overflow in ping, Linux?

From: Cooper (Cooper@LINUX-FAN.COM)
Date: Thu Apr 19 2001 - 13:28:44 PDT


    Boris Gentleman Schauerte wrote:
    >
    > Sorry,
    > but I'm not sure if it is really an overflow, I hadn't had enough time to test
    > it in a debugger, but if I call "ping" under Linux (SuSE Linux 7.1) with
    > more than 1020 (tested it with some other lengths) characters it seems to
    > crash.
    > I don't know if it is a mechanism to secure the program or a fault, or just
    > a too long string without the possibility to insert shellcode.
    >
    > I'm sending 2 calls I generated...
    >
    > Program just couts that this is not a host ... well:
    > ping: unknown host:
    > AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA!
    > AAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
    >
    > program dies, if you send more A's ...
    
    I tried this, at least with Slackware Linux 7.0 (too lazy to upgrade),
    and the ping there quits with error code 2 ('echo $?' after the ping)
    which is the error code for having found an unknown host. Nothing
    breaks, nothing complains. I tried it with so many A's that scrolling
    back up the window didn't even give the "ping: unknown host:" bit of the
    error message that is produced.
    
    Perhaps you could be more specific about the ping you think you've
    exploited (and IIRC return code 139 means a segfault).
    
    Cooper
    --
    I want a patriot missile.
    I pay taxes, why can't I have one?
    	- Denis Leary, Cheese Helmet -
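
The exit-status check discussed in this message, as an added example that is not part of the original post: a POSIX shell sketch that tells an ordinary error exit (such as the 2 reported above) from death by signal (139 = 128 + 11, SIGSEGV). The function names `classify_status` and `probe_arg_length` are hypothetical, chosen for this illustration.

```shell
#!/bin/sh
# Added example (not from the original thread).
# A shell reports status 128+N when the child was killed by signal N, so
# 139 means SIGSEGV (11); ping's 2 is a normal exit. Caveat: a program can
# also call exit(139) itself, so confirm a suspected crash in a debugger.

# classify_status STATUS -> prints exit:N, signal:NAME, not-found or not-executable
classify_status() {
    status=$1
    case $status in
        126) echo "not-executable" ;;   # shell could not execute the file
        127) echo "not-found" ;;        # shell could not find the command
        *)
            if [ "$status" -gt 128 ]; then
                sig=$((status - 128))
                # kill -l NUM prints the signal name; fall back to the number
                name=$(kill -l "$sig" 2>/dev/null) || name=$sig
                echo "signal:${name#SIG}"
            else
                echo "exit:$status"
            fi ;;
    esac
}

# probe_arg_length CMD LEN -> run CMD with one argument of LEN 'A' characters
# and classify how it ended, e.g.: probe_arg_length ping 2000
probe_arg_length() {
    cmd=$1
    len=$2
    arg=$(printf "%${len}s" '' | tr ' ' 'A')
    status=0
    "$cmd" "$arg" >/dev/null 2>&1 || status=$?
    classify_status "$status"
}

# The two status values mentioned in the thread
for s in 2 139; do
    printf '%s -> %s\n' "$s" "$(classify_status "$s")"
done
```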
    



    This archive was generated by hypermail 2b30 : Thu Apr 19 2001 - 22:34:26 PDT