Bugtraq mailing list archives

Re: BoS: Urgent !! Serious Linux Security Bug....

From: nelson () pangeia com br (Nelson Murilo)
Date: Sun, 20 Oct 1996 16:00:01 -0200


On Sun, 20 Oct 1996, Cy Schubert wrote:

cy>>   This message is in MIME format.  The first part should be readable text,
cy>>   while the remaining parts are likely unreadable without MIME-aware tools.
cy>>   Send mail to mime () docserver cac washington edu for more info.
cy>>
cy>> --------------BFF22A370E3
cy>> Content-Type: TEXT/PLAIN; CHARSET=us-ascii
cy>> Content-ID: <Pine.LNX.3.95.961019202546.8165T () spliff pangeia com br>
cy>>
cy>> On Sat, 19 Oct 1996, Jake the Prince wrote:
cy>>
cy>> >Hi,
cy>> >
cy>> >        Today we saw an email from Linus Torvalds advising of a problem
cy>> >with Linux and ping.  Basically you can reboot a linux box remotely if
cy>> >some scenario's are right.  From what we can tell and this has all been
cy>> >verified is: If anyone in the world with a Windows 95 machine can ping
cy>> >your
cy>> >Linux box they can potentially reboot that machine.. Hence a serious
cy>> >denial of service OR loss of data.
cy>>
cy>> Yes, but this attack another machines, AIX for example.


cy>
cy>I just tested this against FreeBSD 2.1.5.  The machine under attack,
cy>a 486SX/25, got was for a while but recovered quite nicely.
cy>
cy>When I get into work tomorrow I'll check it out against some other
cy>platforms.

My Friend tested in this machines:

      1) Reboot: OSF/1 3.2C, Solaris2.4 x86
      2) Ignored: *BSD, SunOS4.1.x, IOS, AIX3.2.5, VMS e Solaris 2.4

Sparc, Irix.

      3) Respond: M$ e OS/2
      4) Crash: Linux, AIX4, OSF  <= 3.2C and AIX3.2.5 on Token-ring.


cy>
cy>>
cy>
cy>
cy>Regards,                       Phone:  (604)389-3827
cy>Cy Schubert                    OV/VM:  BCSC02(CSCHUBER)
cy>Open Systems Support          BITNET:  CSCHUBER@BCSC02.BITNET
cy>ITSD                        Internet:  cschuber () uumail gov bc ca
cy>                                       cschuber () bcsc02 gov bc ca
cy>
cy>                "Quit spooling around, JES do it."
cy>


. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
N e l s o n  M u r i l o
Pangeia Informatica - Provedor de solucoes Internet.
http://www.pangeia.com.br
http://www.bluesky.net/pangeia
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Current thread:

Re: BoS: Urgent !! Serious Linux Security Bug.... Nelson Murilo (Oct 20)
- Re: BoS: Urgent !! Serious Linux Security Bug.... Eli Burke (Oct 20)
- Re: BoS: Urgent !! Serious Linux Security Bug.... kewl aid smile (Oct 21)
  - Re: BoS: Urgent !! Serious Linux Security Bug.... Jon Lewis (Oct 21)
  - Re: BoS: Urgent !! Serious Linux Security Bug.... Alan Cox (Oct 22)
- <Possible follow-ups>
- Re: BoS: Urgent !! Serious Linux Security Bug.... Eli Burke (Oct 20)
  - Re: BoS: Urgent !! Serious Linux Security Bug.... Jared Mauch (Oct 20)
    - Re: BoS: Urgent !! Serious Linux Security Bug.... Oliver Xymoron (Oct 21)
    - Ping problem patch page Mike Bremford (Oct 21)
  - Re: BoS: Urgent !! Serious Linux Security Bug.... Henrik P Johnson (Oct 21)
- Re: BoS: Urgent !! Serious Linux Security Bug.... Timothy Brown (Oct 21)

(Thread continues...)