[5662] in bugtraq
"LAND" Attack Update
daemon@ATHENA.MIT.EDU (Aleph One)
Thu Nov 20 18:59:04 1997
Date: Thu, 20 Nov 1997 15:23:29 -0600
Reply-To: Aleph One <aleph1@DFW.NET>
From: Aleph One <aleph1@DFW.NET>
To: BUGTRAQ@NETSPACE.ORG
This test where againts the "land" attack. This is _NOT_ about "teardrop".
BSDI 2.1 (vanilla) IS vulnerable
BSDI 2.1 (K210-021,K210-022,K210-024) NOT vulnerable
BSDI 3.0 NOT vulnerable
Digital UNIX 4.0 NOT vulnerable
FreeBSD 2.2.2-RELEASE IS vulnerable
FreeBSD 2.2.5-RELEASE IS vulnerable
FreeBSD 2.2.5-STABLE IS vulnerable
FreeBSD 3.0-CURRENT IS vulnerable
HP-UX 10.20 IS vulnerable
IRIX 6.2 NOT vulnerable
Linux 2.0.30 NOT vulnerable
Linux 2.0.32 NOT vulnerable
MacOS 8.0 IS vulnerable (TCP/IP stack crashed)
NetBSD 1.2 IS vulnerable
NeXTSTEP 3.0 IS vulnerable
NeXTSTEp 3.1 IS vulnerable
Novell 4.11 NOT vulnerable
OpenBSD 2.1 IS vulnerable
OpenBSD 2.2 (Oct31) NOT vulnerable
SCO OpenServer 5.0.4 NOT vulnerable
Solaris 2.5.1 IS vulnerable (conflicting reports)
SunOS 4.1.4 IS vulnerable
Windows 95 (vanilla) IS vulnerable
Windows 95 + Winsock 2 + VIPUPD.EXE IS vulnerable
Some misc stuff:
Ascend Pipeline 50 rev 5.0Ap13 NOT vulnerable
NCD X Terminals, NCDWare v3.2.1 IS vulnerable
LaserJet Printer NOT vulnerable
We got reports that applying the VTCPUPD update (originally the OOB attack
update) when applied to Windows 95 running Winsock 2 fixes the problem.
You may want to try it. You can download Vtcpupd.exe you
http://support.microsoft.com/download/support/mslfiles/Vtcpupd.exe
Thanks to Gonzo Granzeau <bygranz@rs6000.cmp.ilstu.edu> for pointing
out the Windows 95 possible fix. Thanks to everyone else (to many to
mention).
Aleph One / aleph1@dfw.net
http://underground.org/
KeyID 1024/948FD6B5
Fingerprint EE C9 E8 AA CB AF 09 61 8C 39 EA 47 A8 6A B8 01
