[11002] in bugtraq
Re: IGMP fragmentation bug
daemon@ATHENA.MIT.EDU (Aleph One)
Tue Jul 13 03:31:32 1999
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Message-Id: <19990713001347.O77613@securityfocus.com>
Date: Tue, 13 Jul 1999 00:13:47 -0700
Reply-To: 19990709060359.99333.qmail@securityfocus.com
From: Aleph One <aleph1@SECURITYFOCUS.COM>
X-To: bugtraq@securityfocus.com
To: BUGTRAQ@SECURITYFOCUS.COM
Summary of the responses to this query. It seems the vulnerability can't
be reproduces reliably in all instances. Try running the exploits
for several minutes. Successful results have been obtained across a LAN
as well as over the Internet. The result can vary from rebooting
the machine, blue screen of death or killing networking.
Several exploits have been produced, including kod, kox, pimp, moyari13,
misfrag, faux and bengay. If you can't reproduce the vulnerability with
one try another. All version of Windows 95 and 98 are believed to be
vulnerable (standard, OEM, SE, other languages).
The are reports of Windows 200 Advance Server Beta 3, Professional Beta 3
and Server Beta 3 being vulnerable. The are mixed reports of Windows 2000
build 2000 being vulnerable. The is at least one report that Windows 2000
build 2070 is not vulnerable. At least one report claims that Windows NT 4.0
SP4 is vulnerable but others have reported otherwise.
--
Elias Levy
Security Focus
http://www.securityfocus.com/
