Bug 15917 - Maksimum packetlength checked badly (Local DoS)
Maksimum packetlength checked badly (Local DoS)
Product: Red Hat Linux
Classification: Retired
Component: traceroute (Show other bugs)
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Crutcher Dunnavant
Depends On:
  Show dependency treegraph
Reported: 2000-08-10 08:40 EDT by Need Real Name
Modified: 2008-05-01 11:37 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2000-08-14 03:46:37 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Need Real Name 2000-08-10 08:40:29 EDT
If you give packet length with (second) command line parameter, the
traceroute checks the maximum size of packet before assigning the given
value to variable. So you can get traceroute to allocate huge block of
memory, and becouse traceroute is suid program ulimits of users don't
affect. => Normal user can use all of the memory and makes the machine

Patchfile and fixed source- and binary-rpm-file is available at

Ari Saastamoinen
Comment 1 Pekka Savola 2000-08-14 03:46:35 EDT
This happens in RHL 7.0 beta too.  It drops the privileges earlier though.
Comment 2 Jeff Johnson 2000-10-04 15:22:22 EDT
Fixed (by adding patch) in traceroute-1.4a5-24. Thanks for the patch.

Note You need to log in before you can comment on or make changes to this bug.