Bugtraq mailing list archives

Re: BoS: Urgent !! Serious Linux Security Bug....


From: eburke () cslab vt edu (Eli Burke)
Date: Sun, 20 Oct 1996 21:14:42 -0400


cy>> >        Today we saw an email from Linus Torvalds advising of a problem
cy>> >with Linux and ping.  Basically you can reboot a linux box remotely if
cy>> >some scenarios are right.  From what we can tell and this has all been
cy>> >verified is: If anyone in the world with a Windows 95 machine can ping
cy>> >your Linux box they can potentially reboot that machine..
cy>>
cy>> Yes, but this attacks other machines, AIX for example.
cy>I just tested this against FreeBSD 2.1.5.  The machine under attack,
cy>a 486SX/25, got was for a while but recovered quite nicely.

My friend tested on these machines:
      1) Reboot: OSF/1 3.2C, Solaris2.4 x86
      2) Ignored: *BSD, SunOS4.1.x, IOS, AIX3.2.5, VMS and Solaris 2.4
         Sparc, Irix.
      3) Respond: M$ and OS/2
      4) Crash: Linux, AIX4, OSF  <= 3.2C and AIX3.2.5 on Token-ring.

        I tested this under OSF/1 3.2 and had no problems. Same for DUnix 4.0,
Ultrix 4.4, Windows NT 4.0 (server and workstation), and FreeBSD 2.1.5.
FreeBSD was the only one that showed any symptoms; the network card stopped
responding for about two minutes, but I could believe that to be the fault of
the lousy Intel EtherExpress driver.

--
Eli Burke
eburke () vt edu
http://csugrad.cs.vt.edu/~eburke/


