Bugtraq mailing list archives
Linux 2.0.33 vulnerability: fragment patterns
From: alan () CYMRU NET (Alan Cox)
Date: Thu, 16 Apr 1998 15:09:56 +0100
Ok duplicated. There's an 'off by one IP header' bug
--- ip_fragment.c.old Thu Apr 16 12:25:34 1998
+++ ip_fragment.c Thu Apr 16 12:29:02 1998
@@ -375,7 +375,7 @@
fp = qp->fragments;
while(fp != NULL)
{
- if (fp->len < 0 || count+fp->len > skb->len)
+ if (fp->len < 0 || fp->offset+qp->ihlen+fp->len > skb->len)
{
NETDEBUG(printk("Invalid fragment list: Fragment over size.\n"));
ip_free(qp);
Current thread:
- Re: APC UPS PowerChute PLUS exploit..., (continued)
- Re: APC UPS PowerChute PLUS exploit... Pascal Gienger (Apr 13)
- (follow-up) Wietse's RPCBIND Chiaki Ishikawa (Apr 13)
- Re: APC UPS PowerChute PLUS exploit... Chris Liljenstolpe - Network Engineer (Apr 12)
- Re: APC UPS PowerChute PLUS exploit... Iain P.C. Moffat (Apr 13)
- IRIX LicenseManager(1M) Vulnerabilities SGI Security Coordinator (Apr 13)
- Re: APC UPS PowerChute PLUS exploit... Rick Perry (Apr 13)
- Re: APC UPS PowerChute PLUS exploit... Pascal Gienger (Apr 14)
- Re: APC UPS PowerChute PLUS exploit... Scott Stone (Apr 14)
- New possible exploit for 2.0.33 (kfree_skb error) Paul (Apr 15)
- Re: New possible exploit for 2.0.33 (kfree_skb error) Alan Cox (Apr 15)
- Linux 2.0.33 vulnerability: fragment patterns Alan Cox (Apr 16)
- Linux 2.0.33 vulnerability: oversized packets Michal Zalewski (Apr 17)
- Linux 2.0.34pre10: Summary of fixed vulnerabilities Alan Cox (Apr 20)
- Re: Linux 2.0.33 vulnerability: oversized packets Jon Lewis (Apr 20)
- Re: Linux 2.0.33 vulnerability: oversized packets Krzysztof G. Baranowski (Apr 21)
- code to crash cistron's radius Hamdi Tounsi (Apr 21)
- nestea v2. The program that DoS's 2.0.33s The Tree of Life (Apr 18)
- xdm problems Thomas Roessler (Apr 16)
- Re: xdm problems Matthieu Herrb (Apr 20)
- SECURITY: procps 1.2.7 fixes security hole Aleph One (Apr 20)