[LUGA] Mit freundlicher Unterstützung von:
Linux New Media AG

Mail Thread Index


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Hmmmmmm....



------- Forwarded Message

Forwarded: Mon, 21 Oct 1996 08:48:29 +0200
Forwarded: luga@luga.or.att
Return-Path: best-of-security-request@suburbia.net 
Return-Path: best-of-security-request@suburbia.net
Received: from bononunu.gams.co.at (bononunu.gams.co.at [193.46.232.10]) by 
zen.gams.co.at (8.7.1/8.6.9) with ESMTP id AAA14572 for <zen@zen.gams.co.at>; 
Sun, 20 Oct 1996 00:14:21 +0200
Received: from mario.gams.at (mario.gams.at [194.42.96.10]) by 
bononunu.gams.co.at (8.7.1/8.7.3) with ESMTP id AAA21234 for <bosal@gams.co.at>
; Sun, 20 Oct 1996 00:17:09 +0200
Received: from pdx1.world.net (pdx1.world.net [192.243.32.18]) by 
mario.gams.at (8.7.5/8.7.3) with ESMTP id AAA01325 for <bosal@gams.co.at>; 
Sun, 20 Oct 1996 00:16:59 +0200
Received: from suburbia.net (suburbia.net [203.4.184.1]) by pdx1.world.net 
(8.7.5/8.7.3) with ESMTP id PAA29081; Sat, 19 Oct 1996 15:16:42 -0700 (PDT)
Received: (list@localhost) by suburbia.net (8.7.4/Proff-950810) id HAA03308; 
Sun, 20 Oct 1996 07:28:07 +1000
Resent-Date: Sun, 20 Oct 1996 07:28:07 +1000
Approved-By: ALEPH1@UNDERGROUND.ORG
X-Mailer: Mozilla 3.01b1 (Win95; I)
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="------------BFF22A370E3"
Approved-By:  Jake the Prince <usa@WIN95.COM>
Message-ID: <3269053B.3D6F@win95.com>
Date: 	Sat, 19 Oct 1996 18:43:39 +0200
Reply-To: usa@win95.com
Sender: Bugtraq List <BUGTRAQ@netspace.org>
From: Jake the Prince <usa@win95.com>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@netspace.org>
Approved: proff@suburbia.net
Resent-Message-ID: <"mdeOh1.0.Xp.WVKQo"@suburbia>
Resent-From: best-of-security@suburbia.net
X-Mailing-List: <best-of-security@suburbia.net> archive/latest/463
X-Loop: best-of-security@suburbia.net
Precedence: list
Resent-Sender: best-of-security-request@suburbia.net
Subject: BoS:      Urgent !! Serious Linux Security Bug....

This is a multi-part message in MIME format.

- --------------BFF22A370E3
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Hi,

        Today we saw an email from Linus Torvalds advising of a problem
with Linux and ping.  Basically you can reboot a linux box remotely if
some scenario's are right.  From what we can tell and this has all been
verified is: If anyone in the world with a Windows 95 machine can ping
your
Linux box they can potentially reboot that machine.. Hence a serious
denial of service OR loss of data.

Scenario:

Win95 user types 'ping -l 65510 host.running.linux'.

Result:

That machine reboots OR freezes.

On the Linux machine, you need to be running kernel version 2.0.7(It's
the
lowest we run) up to version 2.0.20(The highest we're running).

With ping you can use value 65508-65527.

We have extensively tested both of these.

I'm sure there are thousands of Linux systems that could be affected.

There IS a BETA patch out and it DOES work.. If you don't have that
patch
code as of yet, it's attached.

Cyaz

Jake The Prince

PS..... Thanks to whoever found this serious bug...
- -

       /-----------------------------------------------------------\
       | I have just one     \|/ ____ \|/                          |
       | thing to say...     ~@-/ oO \-@~  Neener, neener, neener. |
       |                     /_( \__/ )_\                          |
       |                        \__U_/                             |
       |                                                           |
       |      -*- Opp -*- (usa@win95.com) -*- USA_Direkt -*-       |
       \-----------------------------------------------------------/

- --------------BFF22A370E3
Content-Type: text/plain; charset=us-ascii; name="ping.bug"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline; filename="ping.bug"

- --- ip_fragment.c.old   Mon Sep 16 22:14:52 1996
+++ ip_fragment.c       Sat Oct 19 01:04:47 1996
@@ -366,7 +366,7 @@
                {
                        NETDEBUG(printk("Invalid fragment list: Fragment over 
size.\n"));
                        ip_free(qp);
- -                       frag_kfree_skb(skb,FREE_WRITE);
+                       kfree_skb(skb,FREE_WRITE);
                        ip_statistics.IpReasmFails++;
                        return NULL;
                }
@@ -466,6 +466,18 @@
                        return NULL;
                }
        }
+
+       /*
+        *      Attempt to construct an oversize packet.
+        */
+
+       if(ntohs(iph->tot_len)+(int)offset>65535)
+       {
+               skb->sk = NULL;
+               frag_kfree_skb(skb, FREE_READ);
+               ip_statistics.IpReasmFails++;
+               return NULL;
+       }

        /*
         *      Determine the position of this fragment.


- --

- --------------BFF22A370E3--

------- End of Forwarded Message






powered by LINUX the choice of a gnu generation
linux user group austria;
Suche
Suche
Letzte Änderung:
webmaster@luga.at
September 2010