Freaks Macintosh Archive

home *** CD-ROM | disk | FTP | other *** search

/ Freaks Macintosh Archive / Freaks Macintosh Archive.bin / Freaks Macintosh Archives / Textfiles / zines / Happle / happle10.sit.hqx / Happle#10 / Files / Denial.sit / DoS / solaris_ping.txt < prev next >

Wrap

Text File | 1998-12-09 | 2KB | 83 lines

Here is a way to reboot a Solaris box, and is exploitable by anyone with an account on the system since ping is setuid root. ping -sv -i 127.0.0.1 224.0.0.1 On solaris 2.5, causes the machine to reboot (personal experience). I've had independent reports of it crashing 2.5.1, and 2.5 (x86). It probably works on all versions of Solaris. To "fix" the denial of service: chmod go-x /usr/sbin/ping if you don't mind disabling ping on your system. -------------------------------------------------------------------------------- To fix: /usr/sbin/ndd -set /dev/ip ip_respond_to_echo_broadcast 0 should be added to /etc/init.d/inetinit to be permanent. -------------------------------------------------------------------------------- #!/bin/sh # bpowell 06/21/97 generic titan wrapper for: # add the ndd line to disable response to echo modifies S69inet # # Note: none # version 0.1 # # setup PATH=/usr/ucb:/bin:/usr/bin:/sbin MYNAME=`basename $0` # Check for execution by root if [ `/usr/xpg4/bin/id -un` != root ] then echo " " echo >&2 "$MYNAME: error: must be run as root." echo " " exit 1 fi # Introduction # cat << EOF # # This disables ip_respond_to_echo_broadcast so that specific ping crashes # don't work # The program modifies /etc/rc2.d/S69inet # # ndd -set /dev/ip ip_respond_to_echo_broadcast 0 # EOF # echo press enter to continue"\c" # read YN if test -f /etc/rc2.d/S??inet then echo " Now adding the new ndd command" ed - /etc/rc2.d/S??inet <<- ! g/tcp_old_urp_interpretation a ndd -set /dev/ip ip_respond_to_echo_broadcast 0 . w Q ! echo " Modifcations to rc2.d complete" fi echo " Done."