Bugtraq mailing list archives

Re: Urgent !! Serious Linux Security Bug....

From: triumph () ziplink net (TriumpH)
Date: Sun, 20 Oct 1996 09:24:17 -0400


        I run kernel 2.1.5 and it seems as if it is fixed, I haven't tried
it, but I compared the patch to my ip_fragment.c, and it looks the same at
those line numbers..

 ____________________________________________________
|     |\_______                          |\. ._      |
|     |__    __\                         | | | \     |
|        |  | .____  o .___   _____  ___ | |_| |     |
|        |  | | .__\._ | | | /     \/   \|  _  |     |
|::::::::|  |:| |:::| || | |:| |_| || o  | |:| |:::::|
|::::::::|_ |:|_|:::|_|\___/:|_|:|_|| ._/|_|:| |:::::|
|::::::::::\|:::::::::->3y3 4m<-::::|_|:::::::\|:::::|
|::::::::::::::->triumph () ziplink net<-:::::::::::::::|
|:::::::::::::::->triumph () usa1 com<-:::::::::::::::::|
|::::::::::->triumph () halcyon ziplink net<-:::::::::::|
|:::::::::::->triumph () forever zipnet net<-:::::::::::|
|sysadmin halcyon.ziplink.net::::::::::::::::::::::::|

On Sat, 19 Oct 1996, Jake the Prince wrote:

Hi,

        Today we saw an email from Linus Torvalds advising of a problem
with Linux and ping.  Basically you can reboot a linux box remotely if
some scenario's are right.  From what we can tell and this has all been
verified is: If anyone in the world with a Windows 95 machine can ping
your
Linux box they can potentially reboot that machine.. Hence a serious
denial of service OR loss of data.

Scenario:

Win95 user types 'ping -l 65510 host.running.linux'.

Result:

That machine reboots OR freezes.

On the Linux machine, you need to be running kernel version 2.0.7(It's
the
lowest we run) up to version 2.0.20(The highest we're running).

With ping you can use value 65508-65527.

We have extensively tested both of these.

I'm sure there are thousands of Linux systems that could be affected.

There IS a BETA patch out and it DOES work.. If you don't have that
patch
code as of yet, it's attached.

Cyaz

Jake The Prince

PS..... Thanks to whoever found this serious bug...
-

       /-----------------------------------------------------------\
       | I have just one     \|/ ____ \|/                          |
       | thing to say...     ~@-/ oO \-@~  Neener, neener, neener. |
       |                     /_( \__/ )_\                          |
       |                        \__U_/                             |
       |                                                           |
       |      -*- Opp -*- (usa () win95 com) -*- USA_Direkt -*-       |
       \-----------------------------------------------------------/

Current thread:

/usr/bin/solstice under solaris 5.5 Grant Kaufmann (Oct 18)
- Re: /usr/bin/solstice under solaris 5.5 Casper Dik (Oct 19)
- Urgent !! Serious Linux Security Bug.... Jake the Prince (Oct 19)
  - Re: Urgent !! Serious Linux Security Bug.... The Cowzilla Man (Oct 19)
  - Re: Urgent !! Serious Linux Security Bug.... TriumpH (Oct 20)
    - Ping Crashes Erik Fichtner (Oct 22)
    - Re: Urgent !! Serious Linux Security Bug.... Kim Alm (Oct 22)
  - Re: Urgent !! Serious Linux Security Bug.... Darren Reed (Oct 22)
- <Possible follow-ups>
- /usr/bin/solstice under solaris 5.5 Scriptors of DOOM (Oct 18)