[2254] in RedHat Linux List
Fwd: System crashes may be due to ping
daemon@ATHENA.MIT.EDU (Joseph Kotran)
Fri Nov 1 17:32:30 1996
Date: Fri, 01 Nov 1996 16:29:47 -0500
From: Joseph Kotran <jkotran@atl.lmco.com>
To: redhat-list@redhat.com
Resent-From: redhat-list@redhat.com
Reply-To: redhat-list@redhat.com
This is a multi-part message in MIME format.
--------------5DC7502DCA206E620E09987
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Hello,
This was forwarded to me from one of the guys I work with. I thought
that you might like to know. If someone has a patch for Linux to stop
this please let the rest of us know.
Best wishes,
--
Joseph Kotran Lockheed Martin
Systems Administrator Advanced Technology Laboratories
Phone: 609.338.4327 1 Federal St. A&E Bld. 3W
jkotran@atl.lmco.com Camden, NJ 08102
--------------5DC7502DCA206E620E09987
Content-Type: message/rfc822
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Return-Path: <jchan@atl.lmco.com>
Received: from bullwinkle (jchan@bullwinkle [166.20.232.203]) by enterprise.ATL.LMCO.COM (8.8.2/8.8.2) with SMTP id RAA16461; Fri, 1 Nov 1996 17:21:37 -0500 (EST)
Sender: jchan
Message-ID: <327A77A0.AEC@atl.lmco.com>
Date: Fri, 01 Nov 1996 17:20:16 -0500
From: "John J. Chan" <jchan@atl.lmco.com>
Organization: Lockheed Martin Advanced Technology Laboratories
X-Mailer: Mozilla 3.0 (X11; I; SunOS 5.5.1 sun4m)
MIME-Version: 1.0
To: jkotran
Subject: [Fwd: System crashes may be due to ping]
Content-Type: multipart/mixed; boundary="------------40FC559722F2"
This is a multi-part message in MIME format.
--------------40FC559722F2
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
--
////
(- -)
+--------------------------oOO--(_)--OOo-------------------------------+
John J. Chan
Computer Operations
jchan@atl.lmco.com
(609)-338-2105
--------------40FC559722F2
Content-Type: message/rfc822
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Return-Path: <bond@cpc.lmms.lmco.com>
Received: from orl.lmco.com (theopolis.orl.mmc.com [141.240.10.10]) by enterprise.ATL.LMCO.COM (8.8.2/8.8.2) with SMTP id PAA11578 for <unix_admins@atl.lmco.com>; Fri, 1 Nov 1996 15:43:00 -0500 (EST)
Received: from franklin.vf.lmco.com by orl.lmco.com (4.1/1.34.a)
id AA23705; Fri, 1 Nov 96 15:41:21 EST
Received: from cpc.lmms.lmco.com ([166.24.8.43]) by franklin.vf.lmco.com (8.7.6/8.7.3) with SMTP id PAA11911 for <unix-admin@orl.mmc.com>; Fri, 1 Nov 1996 15:41:19 -0500 (EST)
Received: by cpc.lmms.lmco.com (4.1/LMCO SunOS Server Domain-1.2)
id AA21297; Fri, 1 Nov 96 15:41:17 EST
Date: Fri, 1 Nov 96 15:41:17 EST
From: bond@cpc.lmms.lmco.com (William D. Bond)
Message-Id: <9611012041.AA21297@cpc.lmms.lmco.com>
To: unix-admin@orl.lmco.com
Subject: System crashes may be due to ping
First surfaced in a Linux-kernel mailing list, it turns out
that many, many Unix systems, printers, Macintoshes, etc., etc
are vulnerable to a problem caused by a simple ping with a larger
than allowed length. Most systems crash when trying to reassemble
the fragmented ICMP request if the length exceeds 65535.
Apparently SunOs and Solaris are safe, but fer sure HP 700 or 800
series machines running 9.x and 10.x crash.
It used to take a home brew program to concoct such an illegal ping,
but Microsoft apparently forgot to check the length in Windows 95 and NT 4.0,
so, from such a machine simply do
ping -l 65510 your.host.ip.address
to see if it's vulnerable -- CAUTION, it will most likely crash...
HP patch info is available at
http://us.external.hp.com/digests/bin/wwwdisp_digests.pl?DISP_FIL=export/digests/security_info&TITLE=Security+Bulletins#HPSBUX96010-040
and an ongoing accumulation of vulnerability information is being maintained
by Mike Bremford at
http://www.sophist.demon.co.uk/ping/
Evidently users are beginning to try it, just to see if it works.
Good luck,
Bill
--------------40FC559722F2--
--------------5DC7502DCA206E620E09987--
--
PLEASE read the Red Hat FAQ, Tips, Errata and the MAILING LIST ARCHIVES!
________________________________________________________________________
http://www.redhat.com/RedHat-FAQ http://www.redhat.com/RedHat-Errata
http://www.redhat.com/RedHat-Tips http://www.redhat.com/mailing-lists
------------------------------------------------------------------------
To unsubscribe: mail -s unsubscribe redhat-list-request@redhat.com < /dev/null
