On Tue, 14 Nov 2000, Roman Drahtmueller wrote:
Maybe I got something wrong; as far as I understand the problem, the bug does not "need" ping6 to be exploited, but it's the published exploit (bugtraq) being written to use ping6 for it's means.
In other words: SuSE < 6.4 should be script kiddy safe (as the published exploit will not work), but it is at least possible, if not likely, that our boxes still are vulnerable...
I'd really like to see updated packages from SuSE.
Bye, Bastian
Not quite. The "exploit" is trivial:
cd / ping6 -I ';chmod 777 .' ls -lad .
You don't need any kind of script. But: ping6 is the only program known so far that could trigger the loading of modules with arbitrary names. Yes. For SuSE. Our ping is different from RH. They are vuln via ping :)
However, the modules package has this bug. What quickly comes in mind is pppd and traceroute (beside ping6). At least traceroute didnt worked for me on some systems. S.