Bugtraq mailing list archives
Re: traceroute as a flooder
From: des () IFI UIO NO (Dag-Erling Smorgrav)
Date: Mon, 15 Feb 1999 09:33:56 +0100
Kris Kennaway <kkennawa () PHYSICS ADELAIDE EDU AU> writes:
On Sat, 13 Feb 1999, Alfonso De Gregorio wrote:BTW, i've tested these bugs only on x86 boxes with the most diffused GNU/Linux distro: Debian, Slackware, RedHat (all of them with 2.0.34 kernel), and on an alpha with Digital Unix V4.0Just confirming that the first one seems to work on Digital Unix v3.2, and FreeBSD 4.0 as well (both using -w 2147483647). I didn't check the second one yet.
Fixed in FreeBSD 4.0-CURRENT, 3.1-STABLE and 2.2-STABLE as of now. The upcoming 3.1-RELEASE (to be released later today) will not be vulnerable. The attached patch should apply cleanly against most recent versions of FreeBSD (2.2 and up). To update your system, try the following (assuming you have the sources): # cd /usr/src/contrib/traceroute # patch traceroute.c <attached_patch # cd ../../usr.sbin/traceroute # make # make install DES -- Dag-Erling Smorgrav - des () ifi uio no Index: traceroute.c =================================================================== RCS file: /home/ncvs/src/contrib/traceroute/traceroute.c,v retrieving revision 1.5 retrieving revision 1.5.2.1 diff -u -r1.5 -r1.5.2.1 --- traceroute.c 1996/10/08 19:16:24 1.5 +++ traceroute.c 1999/02/15 08:24:08 1.5.2.1 @@ -732,6 +732,8 @@ wait.tv_sec = tp->tv_sec + waittime; wait.tv_usec = tp->tv_usec; (void)gettimeofday(&now, &tz); + if (wait.tv_sec < now.tv_sec + 1) + wait.tv_sec = now.tv_sec + 1; tvsub(&wait, &now); if (select(sock + 1, &fds, (fd_set *)0, (fd_set *)0, &wait) > 0)
Current thread:
- traceroute as a flooder Alfonso De Gregorio (Feb 12)
- Re: traceroute as a flooder Kris Kennaway (Feb 13)
- <Possible follow-ups>
- Re: traceroute as a flooder Dag-Erling Smorgrav (Feb 15)
- Re: traceroute as a flooder Curt Sampson (Feb 16)
- Inherent weaknesses in NT system policies mnemonix (Feb 03)
- Re: Inherent weaknesses in NT system policies Matt Hargett (Feb 19)
- Re: traceroute as a flooder Stefan `Sec` Zehl (Feb 18)
- Re: traceroute as a flooder Curt Sampson (Feb 18)
- Re: traceroute as a flooder Curt Sampson (Feb 16)