[security] Big problem on 2.0.x? (fwd)

Daniel Ryde (ryde@tripnet.se)
Mon, 13 Dec 1999 12:45:09 +0100 (CET)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Karsten Keil: "Re: Linux 2.2.14pre11, 2.3.29: ISDN broken ?"
Previous message: =?iso-8859-1?Q?Magnus_N=E4slund=28gr=29?=: "Re: 2.3.31 and EtherExpress transmit timeout"
Next in thread: Andrei Pelinescu-Onciul: "Re: [security] Big problem on 2.0.x? (fwd)"
Maybe reply: Andrei Pelinescu-Onciul: "Re: [security] Big problem on 2.0.x? (fwd)"

This message is in MIME format. The first part should be readable text,
while the remaining parts are likely unreadable without MIME-aware tools.
Send mail to mime@docserver.cac.washington.edu for more info.

--1690542868-1804175634-945085509=:178
Content-Type: TEXT/PLAIN; CHARSET=iso-8859-1
Content-ID: <Pine.LNX.3.96.991213124114.178I@hobbe.tripnet.se>

Seen on Bugtraq. Works on 2.0.38 + Solar secure Linux patch.
Instant crash and burn.

Best Regards

Daniel Ryde, System Administrator
__________________________________________________________________________
Tripnet AB Visit Address: Telephone: +46 31 7252500
Box 5071 Avagen 42 Facsimile: +46 31 7252501
S-402 22 GOTEBORG GOTEBORG Email: ryde@tripnet.se
Sweden Sweden

---------- Forwarded message ----------
Date: Thu, 9 Dec 1999 10:51:45 -0600
From: Eduardo Cruz <eduardo.cruz@TS-G.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
Subject: Big problem on 2.0.x?

Hello ppl.

Last week i was playing with my old linux 2.0.36 i486 box, while i was playing with the command ping and trying combinations of commands
i found that when u do a ping -s 65468 -R ANYIPADDRESS ( -R record route) the system starts to print on the screen kernel dumps
, freezes complitely and after few secconds the system reboots.

The major problem with this (if this is a bug, because i dont have time to install differents kernels and test it better) is that command can be run by everyone
because you dont need root permissions to make a -R.

I tested this on a 2.0.35 and .36 (both slackware), when u try to do this on a 2.2.x the system prints out "message too long".
I think the problem is that there is a size-check missed when u reach the maximun packet size and u put the route information, but anyway
i am not a guru on kernels.

So, now is time for the kernel experts :)

---------------------------------------------------------------------------
Eduardo Cruz - eduardo.cruz.@ts-g.com
Network Administrator
Telecomm Solutions Group
Tel: +350 74146 Fax: +350 41781
---------------------------------------------------------------

--1690542868-1804175634-945085509=:178--

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/

Next message: Karsten Keil: "Re: Linux 2.2.14pre11, 2.3.29: ISDN broken ?"
Previous message: =?iso-8859-1?Q?Magnus_N=E4slund=28gr=29?=: "Re: 2.3.31 and EtherExpress transmit timeout"
Next in thread: Andrei Pelinescu-Onciul: "Re: [security] Big problem on 2.0.x? (fwd)"
Maybe reply: Andrei Pelinescu-Onciul: "Re: [security] Big problem on 2.0.x? (fwd)"