[1258] in linux-security and linux-alert archive

home help back first fref pref prev next nref lref last post

[linux-security] Re: [linux-alert] URGENT: Bug in linux networking stack

daemon@ATHENA.MIT.EDU (Alan Cox)
Thu Oct 24 19:57:57 1996

From: Alan Cox <alan@cymru.net>
To: david@kalifornia.com (zero cool)
Date: Tue, 22 Oct 1996 15:45:13 +0100 (BST)
Cc: alan@cymru.net, linux-announce@stc06.ctd.ornl.gov, cert@cert.org,
        juphoff@tarsier.cv.nrao.edu, linux-alert@tarsier.cv.nrao.edu,
        linux-security@tarsier.cv.nrao.edu
In-Reply-To: <Pine.LNX.3.95.961022071211.21125A-100000@james.kalifornia.com> from "zero cool" at Oct 22, 96 07:13:29 am

> This patch does *NOT* prevent this situation from occuring completely.  It
> is still possible to crash a linux machine with an oversized ping.

Well I dont think its quite that. The latest 'extended edition' patch
on the site should fix both the oversized patch bugs and another 2.0.x
bug that showed up due to a bug in a hacking tool meant to send oversize
packets.

The new version breaks binary module compatibility - I had no choice.

Alan

home help back first fref pref prev next nref lref last post