nanog mailing list archives

VU#464113 - TCP/IP implementations handle unusual flag combinations inconsistently

From: Ian Finlay <iaf () cert org>
Date: Thu, 20 Mar 2003 12:45:12 -0500 (EST)


Hello,

This may be old news to many, but I wanted to follow-up to the message I 
sent last October on this subject:

<http://www.merit.edu/mail.archives/nanog/2002-10/msg00519.html>

We have now published information about this issue here:

<http://www.kb.cert.org/vuls/id/464113>

We also have a few reports of possible exploitation. 

If you have feedback, please send mail to cert () cert org with VU#464113 in 
the subject header. 

Thanks to the NANOG community for prior feedback on this issue.

Regards,
Ian

Ian Finlay
Internet Systems Security Analyst - CERT/CC Operations 
Networked Systems Survivability Program
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
CERT (R) Coordination Center             Email: cert () cert org
Software Engineering Institute           WWW: http://www.cert.org
Carnegie Mellon University               Hotline: +1-412-268-7090
Pittsburgh, PA  USA  15213-3890          FAX: +1-412-268-6989
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Current thread:

VU#464113 - TCP/IP implementations handle unusual flag combinations inconsistently Ian Finlay (Mar 20)