Bugtraq mailing list archives
Re: Urgent !! Serious Linux Security Bug....
From: dpswkdb () albertsons com (Keith Bower)
Date: Mon, 21 Oct 1996 15:44:37 -0600
In response to multiple comments about AIX vulnerability to ping -l 65500 your.AIX.host from an NT or WIN95 workstation. I investigated this problem with IBM, and experimented with my machines here. The AIX 4.1.4 release is susceptible and 3.2.5 is not. IBM was aware of the problem with large packets, and a PTF for bos.tcp.client.4.1.4.18 is available. The latest APAR number for TCP and security fixes is U445555. Apply this fix and vulnerability goes away. The "-l" option in AIX is for sending multiple pings as fast as possible. The crash problem does *NOT* manifest itself when using AIX's ping. The "-l" on NT ( and I assume WIN95 ) establishes the size of the packet to send. An NT ping did crash my AIX 4.1.4 test box, with no PTF/APARs applied. You can use IBM's fix-dist to download PTFs/APARs or contact IBM for the fix. Keith Bower (I speak for myself - not for my employer, yada yada yada) respond to: Keith_Bower () albertsons com
Current thread:
- Re: Urgent !! Serious Linux Security Bug.... James Cisco (Oct 19)
- Re: Urgent !! Serious Linux Security Bug.... Alan Cox (Oct 21)
- Re: Urgent !! Serious Linux Security Bug.... Brian Clapper (Oct 21)
- Re: Urgent !! Serious Linux Security Bug.... Chris Townsend (Oct 21)
- What about smbmount? (was: [linux-security] ncpmount/ncpumount) Kristian Köhntopp (Oct 21)
- Re: What about smbmount? (was: [linux-security] Erki Simson (Oct 21)
- <Possible follow-ups>
- Re: Urgent !! Serious Linux Security Bug.... Jason T. Luttgens (Oct 20)
- Re: Urgent !! Serious Linux Security Bug.... Henrik P Johnson (Oct 21)
- Re: Urgent !! Serious Linux Security Bug.... Keith Bower (Oct 21)
- Re: Urgent !! Serious Linux Security Bug.... Marc MERLIN (Oct 21)
- Re: Urgent !! Serious Linux Security Bug.... Stefanita Valeriu Vilcu (Oct 22)
- Re: Urgent !! Serious Linux Security Bug.... Jon Lewis (Oct 22)
- Ping exploit program Bill Fenner (Oct 22)
- Re: BoS: Ping exploit program Darren Reed (Oct 23)
- Re: Urgent !! Serious Linux Security Bug.... Henrik P Johnson (Oct 21)
- Re: Urgent !! Serious Linux Security Bug.... Alan Cox (Oct 21)
- Re: Urgent !! Serious Linux Security Bug.... Valdis.Kletnieks () vt edu (Oct 21)
- Re: Urgent !! Serious Linux Security Bug.... Jon Lewis (Oct 21)
- Re: Urgent !! Serious Linux Security Bug.... Jochen Friedrich (Oct 22)