Bug 15917 - Maksimum packetlength checked badly (Local DoS)
Summary: Maksimum packetlength checked badly (Local DoS)
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: traceroute   
(Show other bugs)
Version: 6.2
Hardware: i386
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Crutcher Dunnavant
QA Contact:
URL:
Whiteboard:
Keywords:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2000-08-10 12:40 UTC by Need Real Name
Modified: 2008-05-01 15:37 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2000-08-14 07:46:37 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

Description Need Real Name 2000-08-10 12:40:29 UTC
If you give packet length with (second) command line parameter, the
traceroute checks the maximum size of packet before assigning the given
value to variable. So you can get traceroute to allocate huge block of
memory, and becouse traceroute is suid program ulimits of users don't
affect. => Normal user can use all of the memory and makes the machine
swapping.

Patchfile and fixed source- and binary-rpm-file is available at
http://vernon.teraflops.com/rpm/

Ari Saastamoinen

Comment 1 Pekka Savola 2000-08-14 07:46:35 UTC
This happens in RHL 7.0 beta too.  It drops the privileges earlier though.


Comment 2 Jeff Johnson 2000-10-04 19:22:22 UTC
Fixed (by adding patch) in traceroute-1.4a5-24. Thanks for the patch.


Note You need to log in before you can comment on or make changes to this bug.