[LUGA] Mit freundlicher Unterstützung von:
OCG

Mail Thread Index


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[luga] [alan@CYMRU.NET: Linux 2.0.33 vulnerability: fragment patterns]



Na so was (kleine Ursache, große Wirkung ;-)

LG,

-GünthER

-----Forwarded message from Alan Cox <alan@CYMRU.NET>-----

[-- Decoded from message <199804161409.PAA09529@snowcrash.cymru.net> --]

X-From_: owner-bugtraq@NETSPACE.ORG  Thu Apr 16 19:01:50 1998
Approved-By: aleph1@DFW.NET
Date: 	Thu, 16 Apr 1998 15:09:56 +0100
Reply-To: Alan Cox <alan@CYMRU.NET>
From: Alan Cox <alan@CYMRU.NET>
Subject:      Linux 2.0.33 vulnerability: fragment patterns
To: BUGTRAQ@NETSPACE.ORG

Ok duplicated. There's an 'off by one IP header' bug

--- ip_fragment.c.old   Thu Apr 16 12:25:34 1998
+++ ip_fragment.c       Thu Apr 16 12:29:02 1998
@@ -375,7 +375,7 @@
        fp = qp->fragments;
        while(fp != NULL)
        {
-               if (fp->len < 0 || count+fp->len > skb->len)
+               if (fp->len < 0 || fp->offset+qp->ihlen+fp->len > skb->len)
                {
                        NETDEBUG(printk("Invalid fragment list: Fragment over size.\n"));
                        ip_free(qp);

-----End of forwarded message-----

-- 
GünthER H. Leber @ home     NT: Not True, No Technology, Not Trustworthy
PGP: https://www.luga.or.at/pgppubkeys/68279259.asc
PGP Fingerprint:   4B 12 AD B5 4E ED AB 56  F7 3F B2 02 25 FD 95 98



powered by LINUX the choice of a gnu generation
linux user group austria;
Suche
Suche
Letzte Änderung:
webmaster@luga.at
September 2010