The overlapping fragment bug

Alan Cox (alan@LXORGUK.UKUU.ORG.UK)
Fri, 14 Nov 1997 19:54:00 +0000 (GMT)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Charles M. Hannum: "Re: Pentium bug workaround in NetBSD (was Re: Intel Pentium Bug: BSDI"
Previous message: Vadim Kolontsov: "Re: Linux IP fragment overlap bug"
Next in thread: Paul Leach: "Re: The overlapping fragment bug"

Well after some testing its quite effective against Linux [fix
available and will be in 2.0.32 as standard], NT, 95, Win 3.11
and also a couple of others it seems - DOS Novell TCP/IP and
PCNFS 4.0 (reportedly). BSD derived stacks, various routers, Solaris
MacOS and HP/UX all seem fine.

The actual exploit can also be slightly improved. Make it a tcp frame,
make the destination port 80 and it goes through most firewalls like
a bullet through cheese and seems to keep its effectiveness.

You can screen the stuff behind a firewall if your firewall reassembles
fragments (and is of course itself not vulnerable 8)).

Any news on the microsoft fix expected date/times ?

Alan

Next message: Charles M. Hannum: "Re: Pentium bug workaround in NetBSD (was Re: Intel Pentium Bug: BSDI"
Previous message: Vadim Kolontsov: "Re: Linux IP fragment overlap bug"
Next in thread: Paul Leach: "Re: The overlapping fragment bug"