Bugtraq mailing list archives
Re: unused bit attack alert
From: vern () EE LBL GOV (Vern Paxson)
Date: Mon, 21 Feb 2000 14:36:17 PST
LigerTeam, strongly propose inserting of solution code before the computing of flag variable. flag = flags & 0x3f;
The more robust fix is to systematically test for TCP flags by masking to the value being tested. For example: #define TEST_FLAGS(flags, mask) (((flags) & (mask)) == (mask)) Otherwise you are still vulnerable to attackers setting legitimate flags in bogus combinations, such as adding URG to a SYN. Vern
Current thread:
- Re: unused bit attack alert Vern Paxson (Feb 21)
- Microsoft Security Bulletin (MS00-012) Microsoft Product Security (Feb 22)
- redhat 6.0: single user boot security hole Darren Reed (Feb 22)
- Re: unused bit attack alert antirez (Feb 23)
- Multiple vulnerabilities with Outblaze-based e-mail providers .sozni (Feb 23)
- SANE 2000 program details and registration - May 22-25, 2000 Fred Donck (Feb 25)
- DoSing the Netgear ISDN RT34x router. Swift Griggs (Feb 25)
- Re: DoSing the Netgear ISDN RT34x router. Mike Wade (Feb 25)
- <Possible follow-ups>
- Re: unused bit attack alert Mullen, Patrick (Feb 22)
- Re: unused bit attack alert Max Vision (Feb 23)
- Re: unused bit attack alert Max Vision (Feb 24)