[3513] in bugtraq
Re: Urgent !! Serious Linux Security Bug....
daemon@ATHENA.MIT.EDU (Jason T. Luttgens)
Sun Oct 20 20:11:15 1996
Date: Sun, 20 Oct 1996 18:30:13 +0900
Reply-To: "Jason T. Luttgens" <luttgenj@kic.or.jp>
From: "Jason T. Luttgens" <luttgenj@kic.or.jp>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@netspace.org>
Apparently on my Solaris 2.5 & 2.5.1 box, all I get is "Request timed
out" in Windows95......no immediate noticeable effect on the Solaris
boxes, although I did not look very closely.........
----------
From: The Cowzilla Man[SMTP:cowzilla@GWBBS.NORTHEAST.NET]
Sent: Sunday, October 20, 1996 9:50 AM
To: Multiple recipients of list BUGTRAQ
Subject: Re: Urgent !! Serious Linux Security Bug....
People might also be interested to know that this works against AIX hosts
too...
I have a few questions that I hope people on the list can answer:
1. Would it be possible to send icmp packets of size 65508 or more from a
linux machine? (possibly send out faked fragmented packets from raw sockets?)
2. What causes linux to reboot/freeze? If it is because the data from the
packet is overwriting portions of the kernel, could this be exploited to
an attacker's advantage? (and how?)
3. What other unixes exhibit this kind of behaviour with super large packets?
-Cowzilla
On Sat, 19 Oct 1996, Jake the Prince wrote:
> Hi,
>
> Today we saw an email from Linus Torvalds advising of a problem
> with Linux and ping. Basically you can reboot a linux box remotely if
> some scenarios are right. From what we can tell and this has all been
> verified is: If anyone in the world with a Windows 95 machine can ping
> your Linux box they can potentially reboot that machine.. Hence a serious
> denial of service OR loss of data.
>
> Scenario:
>
> Win95 user types 'ping -l 65510 host.running.linux'.
>
> Result:
>
> That machine reboots OR freezes.
>
> On the Linux machine, you need to be running kernel version 2.0.7 (It's
> the lowest we run) up to version 2.0.20 (The highest we're running).
>
> With ping you can use value 65508-65527.
>
> We have extensively tested both of these.
>
> I'm sure there are thousands of Linux systems that could be affected.
>
> There IS a BETA patch out and it DOES work.. If you don't have that
> patch code as of yet, it's attached.
>
> Cyaz
>
> Jake The Prince
>
> PS..... Thanks to whoever found this serious bug...
> -
>
> /-----------------------------------------------------------\
> | I have just one \|/ ____ \|/ |
> | thing to say... ~@-/ oO \-@~ Neener, neener, neener. |
> | /_( \__/ )_\ |
> | \__U_/ |
> | |
> | -*- Opp -*- (usa@win95.com) -*- USA_Direkt -*- |
> \-----------------------------------------------------------/
>
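
Added example, not part of the thread and not the beta patch it mentions: the sizes quoted above start at 65508 because 65508 data bytes plus the 8-byte ICMP header and a 20-byte IP header come to 65536, one more than the 16-bit IPv4 Total Length field can describe, so the datagram can only arrive as fragments. The C check below shows the bound a reassembly path or packet filter can enforce on each fragment; the function and enum names are hypothetical, and the headers in the test are constructed assuming a 1500-byte MTU.

```c
#include <stddef.h>
#include <stdint.h>

#define IPV4_MAX_DATAGRAM 65535u   /* limit of the 16-bit Total Length field */

/* Result codes (hypothetical names chosen for this example). */
enum frag_verdict { FRAG_OK = 0, FRAG_MALFORMED = -1, FRAG_OVERSIZE = -2 };

/*
 * Inspect one raw IPv4 header (network byte order) and decide whether the
 * fragment it describes would end past byte 65535 of the reassembled datagram.
 */
enum frag_verdict check_fragment(const uint8_t *hdr, size_t caplen)
{
    if (hdr == NULL || caplen < 20 || (hdr[0] >> 4) != 4)
        return FRAG_MALFORMED;

    uint32_t ihl       = (uint32_t)(hdr[0] & 0x0f) * 4;        /* header bytes */
    uint32_t total_len = ((uint32_t)hdr[2] << 8) | hdr[3];      /* this fragment */
    /* Fragment offset is 13 bits, counted in 8-byte units. */
    uint32_t frag_off  = ((((uint32_t)hdr[6] & 0x1f) << 8) | hdr[7]) * 8;

    if (ihl < 20 || ihl > caplen || total_len < ihl)
        return FRAG_MALFORMED;

    uint32_t payload = total_len - ihl;
    /* Reassembled size = IP header + offset of this fragment + its payload. */
    if (ihl + frag_off + payload > IPV4_MAX_DATAGRAM)
        return FRAG_OVERSIZE;
    return FRAG_OK;
}

/* Build a constructed 20-byte header (sample data, not a captured packet). */
void make_header(uint8_t out[20], uint16_t total_len, uint16_t off_units,
                 int more_frags)
{
    for (int i = 0; i < 20; i++)
        out[i] = 0;
    out[0] = 0x45;                                  /* IPv4, IHL = 5 words */
    out[2] = (uint8_t)(total_len >> 8);
    out[3] = (uint8_t)(total_len & 0xff);
    out[6] = (uint8_t)((more_frags ? 0x20 : 0) | ((off_units >> 8) & 0x1f));
    out[7] = (uint8_t)(off_units & 0xff);
    out[8] = 64;                                    /* TTL */
    out[9] = 1;                                     /* protocol: ICMP */
}
```

The check needs only the fragment's own header, so it can reject the offending fragment before anything is copied into a reassembly buffer.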