Bugtraq mailing list archives
The overlapping fragment bug
From: alan () LXORGUK UKUU ORG UK (Alan Cox)
Date: Fri, 14 Nov 1997 19:54:00 GMT
Well after some testing it's quite effective against Linux [fix available and will be in 2.0.32 as standard], NT, 95, Win 3.11 and also a couple of others it seems - DOS Novell TCP/IP and PCNFS 4.0 (reportedly). BSD derived stacks, various routers, Solaris, MacOS and HP/UX all seem fine.

The actual exploit can also be slightly improved. Make it a TCP frame, make the destination port 80 and it goes through most firewalls like a bullet through cheese and seems to keep its effectiveness.

You can screen the stuff behind a firewall if your firewall reassembles fragments (and is of course itself not vulnerable 8)).

Any news on the Microsoft fix expected date/times?

Alan
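A filter that reassembles fragments, the screening approach the message mentions, has to track which payload byte ranges each fragment of a datagram claims. The following is an added example, not code from this post or from the Linux fix: it parses the IPv4 fragment fields and rejects a datagram whose fragments overlap. The names `frag_screen`, `struct dgram` and `MAX_FRAGS`, the sample packets, and the policy of dropping rather than trimming overlaps are all assumptions of the example.

```c
#include <stddef.h>
#include <stdint.h>

#define MAX_FRAGS 64                       /* assumed per-datagram limit */
enum verdict { FRAG_OK, FRAG_MALFORMED, FRAG_OVERLAP };
struct range { uint32_t start, end; };     /* payload bytes [start, end) */
struct dgram { struct range seen[MAX_FRAGS]; size_t n; };

/* Extract the payload range one IPv4 packet claims to carry. */
static int frag_range(const uint8_t *p, size_t len, struct range *r)
{
    if (len < 20 || (p[0] >> 4) != 4) return -1;
    size_t ihl = (size_t)(p[0] & 0x0f) * 4;
    size_t tot = ((size_t)p[2] << 8) | p[3];
    if (ihl < 20 || tot <= ihl || tot > len) return -1;
    uint32_t field = ((uint32_t)p[6] << 8) | p[7];
    uint32_t paylen = (uint32_t)(tot - ihl);
    /* every fragment except the last carries a multiple of 8 bytes */
    if ((field & 0x2000) && paylen % 8 != 0) return -1;
    r->start = (field & 0x1fff) * 8;
    r->end = r->start + paylen;
    return r->end + ihl > 65535 ? -1 : 0;  /* reassembled size limit */
}

/* Screen one fragment against those already seen for the same datagram
 * (same source, destination, protocol and ID; the caller does that lookup). */
enum verdict frag_screen(struct dgram *d, const uint8_t *pkt, size_t len)
{
    struct range r;
    if (frag_range(pkt, len, &r) != 0 || d->n == MAX_FRAGS)
        return FRAG_MALFORMED;
    for (size_t i = 0; i < d->n; i++)
        if (r.start < d->seen[i].end && d->seen[i].start < r.end)
            return FRAG_OVERLAP;           /* drop the whole datagram */
    d->seen[d->n++] = r;
    return FRAG_OK;
}

/* Constructed sample: A claims payload bytes 0-15, B claims 8-15 (overlaps A). */
static const uint8_t frag_a[36] = {0x45, 0, 0, 36, 0, 0, 0x20, 0};
static const uint8_t frag_b[28] = {0x45, 0, 0, 28, 0, 0, 0x00, 1};

int main(void)
{
    struct dgram d = {0};
    frag_screen(&d, frag_a, sizeof frag_a);
    return frag_screen(&d, frag_b, sizeof frag_b) == FRAG_OVERLAP ? 0 : 1;
}
```

The check runs on each fragment's claimed range before any payload is copied, so a bad range is rejected without ever being used to size a copy.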