Bugtraq mailing list archives
Re: strcpy versus strncpy
From: aleph1 () DFW NET (Aleph One)
Date: Wed, 4 Mar 1998 16:12:32 CST
From aleph1 Wed Mar 4 16:05:49 1998
Return-Path: <cert_mailer () cert org> X-Received: from coal.cert.org by dfw.dfw.net (4.1/SMI-4.1) id AA22914; Wed, 4 Mar 1998 16:05:00 CST X-Received: (from cert-advisory@localhost) by coal.cert.org (8.6.12/CERT) id OAA05962 for cert-advisory-queue-40; Wed, 4 Mar 1998 14:05:02 -0500 Date: Wed, 4 Mar 1998 14:05:02 -0500 Message-Id: <199803041905.OAA05962 () coal cert org> From: CERT Advisory <cert-advisory () cert org> To: cert-advisory () coal cert org Subject: CERT Summary CS-98.02 Reply-To: cert-advisory-request () cert org Organization: CERT(sm) Coordination Center - +1 412-268-7090 ReSent-Date: Wed, 4 Mar 1998 16:12:29 -0600 (CST) ReSent-From: Aleph One <aleph1 () dfw net> ReSent-To: BUGTRAQ () NETSPACE ORG ReSent-Message-ID: <Pine.SUN.3.94.980304161229.19842W () dfw dfw net> -----BEGIN PGP SIGNED MESSAGE----- - --------------------------------------------------------------------------- CERT* Summary CS-98.02 - SPECIAL EDITION March 4, 1998 This special edition of the CERT Summary reports denial of service attacks targeting a vulnerability in the Microsoft TCP/IP stack. Past CERT Summaries are available from ftp://ftp.cert.org/pub/cert_summaries/ - --------------------------------------------------------------------------- Denial of service attacks targeting Windows 95/NT machines - ---------------------------------------------------------- This special edition of the CERT Summary reports denial of service attacks targeting a vulnerability in the Microsoft TCP/IP stack. We have received reports from a number of sites and incident response teams indicating that a large number of machines were affected. The attacks involve sending a pair of malformed IP fragments which are reassembled into an invalid UDP datagram. The invalid UDP datagram causes the target machine to go into an unstable state. Once in an unstable state, the target machine either halts or crashes. We have received reports that some machines crashed with a blue screen while others rebooted. Attack tools known by such names as NewTear, Bonk, and Boink have been previously used to exploit this vulnerability against individual hosts; however, in this instance, the attacker used a modified tool to automatically attack a large number of hosts. The solution to protect Windows 95 and NT machines from this attack is to apply the appropriate Microsoft patch. The Microsoft patch, as well as more information about the vulnerability, can be found in the January 1998 Microsoft Market Bulletin entitled, "New Teardrop-like TCP/IP Denial of Service Program" available from: http://www.microsoft.com/security/newtear2.htm Although the first instance of this attack, which started March 2, 1998 appears to be over, keep in mind that the tools to launch this attack are now available and we expect to see more incidents of this type. - --------------------------------------------------------------------------- How to Contact the CERT Coordination Center Email cert () cert org Phone +1 412-268-7090 (24-hour hotline) CERT personnel answer on business days 8:30-5:00 p.m. EST (GMT-5)/EDT(GMT-4), and are on call for emergencies during other hours. Fax +1 412-268-6989 Postal address CERT Coordination Center Software Engineering Institute Carnegie Mellon University Pittsburgh PA 15213-3890 USA To be added to our mailing list for CERT advisories and bulletins, send your email address to cert-advisory-request () cert org In the subject line, type SUBSCRIBE your-email-address CERT advisories and bulletins are posted on the USENET news group comp.security.announce CERT publications, information about FIRST representatives, and other security-related information are available for anonymous FTP from http://www.cert.org/ ftp://ftp.cert.org/pub/ If you wish to send sensitive incident or vulnerability information to CERT staff by electronic mail, we strongly advise you to encrypt your message. We can support a shared DES key or PGP. Contact the CERT staff for more information. Location of CERT PGP key ftp://ftp.cert.org/pub/CERT_PGP.key - --------------------------------------------------------------------------- Copyright 1998 Carnegie Mellon University. Conditions for use, disclaimers, and sponsorship information can be found in http://www.cert.org/legal_stuff.html and ftp://ftp.cert.org/pub/legal_stuff . If you do not have FTP or web access, send mail to cert () cert org with "copyright" in the subject line. * CERT is registered in the U.S. Patent and Trademark Office. -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBNP2ZWnVP+x0t4w7BAQEqhQP/QDajvNSm4GFYeQlV9IZsgGCce6Q299wq zaJfeINKgKgsrJNr0aZPwlQh/Px/yfxsR1XmDj2uUEC/h3vN+kkfMT10BYwD9LPk iKJZ1HqXNfydksuaVdjsAaCUwTYLW7guNPrkufDB3dvo05CODTx4PjP/4a/l3vbj 5f7rb+kwSQQ= =gjWg -----END PGP SIGNATURE-----
Current thread:
- Re: strcpy versus strncpy, (continued)
- Re: strcpy versus strncpy Chris L. Mason (Mar 03)
- Re: strcpy versus strncpy Mark Whitis (Mar 04)
- Re: strcpy versus strncpy Andy Church (Mar 02)
- Re: strcpy versus strncpy Edwin Li-Kai Liu (Mar 03)
- Re: strcpy versus strncpy Ben Laurie (Mar 03)
- Re: strcpy versus strncpy Chris L. Mason (Mar 03)
- Re: strcpy versus strncpy der Mouse (Mar 04)
- Re: strcpy versus strncpy Aleph One (Mar 04)
- Re: strcpy versus strncpy Aleph One (Mar 04)
- Re: strcpy versus strncpy Aleph One (Mar 04)
- Re: strcpy versus strncpy Aleph One (Mar 04)
- Re: strcpy versus strncpy der Mouse (Mar 05)
- Re: strcpy versus strncpy Nick Maclaren (Mar 05)
- Re: strcpy versus strncpy Steve Bellovin (Mar 05)
- Re: strcpy versus strncpy Paul McNabb (Mar 05)
- Re: strcpy versus strncpy Chris L. Mason (Mar 03)