Bugtraq mailing list archives
Re: Urgent !! Serious Linux Security Bug....
From: luttgenj () kic or jp (Jason T. Luttgens)
Date: Sun, 20 Oct 1996 18:30:13 +0900
Apparently on my Solaris 2.5 & 2.5.1 box, all I get is "Request timed out" in Windows95......no immediate noticeable effect on the Solaris boxes, although I did not look very closely......... ---------- From: The Cowzilla Man[SMTP:cowzilla () GWBBS NORTHEAST NET] Sent: Sunday, October 20, 1996 9:50 AM To: Multiple recipients of list BUGTRAQ Subject: Re: Urgent !! Serious Linux Security Bug.... People might also be interested to know that this works against AIX hosts too... I have a few questions that i hope people on the list can answer: 1. Would it be possible to send icmp packets of size 65508 or more from a linux machine? (possibly send out faked fragmented packets from raw sockets?) 2. What causes linux to reboot/freeze? If it is because the data from the packet is overwriting portions of the kernel, could this be exploited to an attacker's advantage? (and how?) 3. What other unixes exhibit this kind of behaviour with super large packets? -Cowzilla On Sat, 19 Oct 1996, Jake the Prince wrote:
Hi, Today we saw an email from Linus Torvalds advising of a problem with Linux and ping. Basically you can reboot a linux box remotely if some scenario's are right. From what we can tell and this has all been verified is: If anyone in the world with a Windows 95 machine can ping your Linux box they can potentially reboot that machine.. Hence a serious denial of service OR loss of data. Scenario: Win95 user types 'ping -l 65510 host.running.linux'. Result: That machine reboots OR freezes. On the Linux machine, you need to be running kernel version 2.0.7(It's the lowest we run) up to version 2.0.20(The highest we're running). With ping you can use value 65508-65527. We have extensively tested both of these. I'm sure there are thousands of Linux systems that could be affected. There IS a BETA patch out and it DOES work.. If you don't have that patch code as of yet, it's attached. Cyaz Jake The Prince PS..... Thanks to whoever found this serious bug... - /-----------------------------------------------------------\ | I have just one \|/ ____ \|/ | | thing to say... ~@-/ oO \-@~ Neener, neener, neener. | | /_( \__/ )_\ | | \__U_/ | | | | -*- Opp -*- (usa () win95 com) -*- USA_Direkt -*- | \-----------------------------------------------------------/
Current thread:
- Re: Urgent !! Serious Linux Security Bug.... James Cisco (Oct 19)
- Re: Urgent !! Serious Linux Security Bug.... Alan Cox (Oct 21)
- Re: Urgent !! Serious Linux Security Bug.... Brian Clapper (Oct 21)
- Re: Urgent !! Serious Linux Security Bug.... Chris Townsend (Oct 21)
- What about smbmount? (was: [linux-security] ncpmount/ncpumount) Kristian Köhntopp (Oct 21)
- Re: What about smbmount? (was: [linux-security] Erki Simson (Oct 21)
- <Possible follow-ups>
- Re: Urgent !! Serious Linux Security Bug.... Jason T. Luttgens (Oct 20)
- Re: Urgent !! Serious Linux Security Bug.... Henrik P Johnson (Oct 21)
- Re: Urgent !! Serious Linux Security Bug.... Keith Bower (Oct 21)
- Re: Urgent !! Serious Linux Security Bug.... Marc MERLIN (Oct 21)
- Re: Urgent !! Serious Linux Security Bug.... Stefanita Valeriu Vilcu (Oct 22)
- Re: Urgent !! Serious Linux Security Bug.... Jon Lewis (Oct 22)
- Ping exploit program Bill Fenner (Oct 22)
- Re: BoS: Ping exploit program Darren Reed (Oct 23)
- Re: Urgent !! Serious Linux Security Bug.... Henrik P Johnson (Oct 21)
- Re: Urgent !! Serious Linux Security Bug.... Alan Cox (Oct 21)
- Re: Urgent !! Serious Linux Security Bug.... Valdis.Kletnieks () vt edu (Oct 21)
- Re: Urgent !! Serious Linux Security Bug.... Jon Lewis (Oct 21)