home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
Freaks Macintosh Archive
/
Freaks Macintosh Archive.bin
/
Freaks Macintosh Archives
/
Textfiles
/
zines
/
Happle
/
happle10.sit.hqx
/
Happle#10
/
Files
/
Denial.sit
/
DoS
/
solaris_ping.txt
< prev
next >
Wrap
Text File
|
1998-12-09
|
2KB
|
83 lines
Here is a way to reboot a Solaris box,
and is exploitable by anyone with an account on
the system since ping is setuid root.
ping -sv -i 127.0.0.1 224.0.0.1
On solaris 2.5, causes the machine to reboot (personal experience). I've
had independent reports of it crashing 2.5.1, and 2.5 (x86). It probably works
on all versions of Solaris.
To "fix" the denial of service:
chmod go-x /usr/sbin/ping
if you don't mind disabling ping on your system.
--------------------------------------------------------------------------------
To fix:
/usr/sbin/ndd -set /dev/ip ip_respond_to_echo_broadcast 0
should be added to /etc/init.d/inetinit to be permanent.
--------------------------------------------------------------------------------
#!/bin/sh
# bpowell 06/21/97 generic titan wrapper for:
# add the ndd line to disable response to echo modifies S69inet
#
# Note: none
# version 0.1
#
# setup
PATH=/usr/ucb:/bin:/usr/bin:/sbin
MYNAME=`basename $0`
# Check for execution by root
if [ `/usr/xpg4/bin/id -un` != root ]
then
echo " "
echo >&2 "$MYNAME: error: must be run as root."
echo " "
exit 1
fi
# Introduction
# cat << EOF
#
# This disables ip_respond_to_echo_broadcast so that specific ping crashes
# don't work
# The program modifies /etc/rc2.d/S69inet
#
# ndd -set /dev/ip ip_respond_to_echo_broadcast 0
# EOF
# echo press enter to continue"\c"
# read YN
if test -f /etc/rc2.d/S??inet
then
echo " Now adding the new ndd command"
ed - /etc/rc2.d/S??inet <<- !
g/tcp_old_urp_interpretation
a
ndd -set /dev/ip ip_respond_to_echo_broadcast 0
.
w
Q
!
echo " Modifcations to rc2.d complete"
fi
echo " Done."