[3520] in bugtraq

Re: Urgent !! Serious Linux Security Bug....

daemon@ATHENA.MIT.EDU (Alan Cox)
Mon Oct 21 12:11:07 1996

Date: 	Mon, 21 Oct 1996 09:26:04 +0100
Reply-To: Alan Cox <coxa@cableol.net>
From: Alan Cox <coxa@cableol.net>
X-To:         eherot@weblings.org
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@netspace.org>
In-Reply-To:  <3.0b36.32.19961019171451.00707194@tiac.net> from "James Cisco"
              at Oct 19, 96 05:16:00 pm

> >On the Linux machine, you need to be running kernel version 2.0.7 (It's
> >the lowest we run) up to version 2.0.20 (The highest we're running).
>
> Actually, I'm running 2.1.1 and it works on that as well...

It seems to work rather nicely on Digital Unix (some revisions), AIX,
Linux 2.0.x and Linux 2.1.x - has anyone tried it on NT ?

Ironically it's a well known problem that is tested by the ip_send tool. It
just happened that the test tool I used didn't construct a packet with
a useful IP protocol field and it thus never hit the layer of
code that can't handle forged big packets.

As well as the patch quoted there is a slightly newer revision that
also happens to log who tried to blow up your computer.

Alan
