[5663] in bugtraq

home help back first fref pref prev next nref lref last post

Re: "LAND" Attack Update

daemon@ATHENA.MIT.EDU (Ian C. Reandeau)
Thu Nov 20 19:31:23 1997

Date: 	Thu, 20 Nov 1997 14:58:54 -0800
Reply-To: "Ian C. Reandeau" <Ianr@TENFORWARD.COM>
From: "Ian C. Reandeau" <Ianr@TENFORWARD.COM>
To: BUGTRAQ@NETSPACE.ORG

With some testing, it seems that the VTCPUPD update does seem to fix the problems
with 95 on port 139, on the other hand, if you have any other services running,
like FTP or HTTP, the machine can be crashed through those ports.

Aleph One wrote:

> This test where againts the "land" attack. This is _NOT_ about "teardrop".
>
> BSDI 2.1 (vanilla)                      IS  vulnerable
> BSDI 2.1 (K210-021,K210-022,K210-024)   NOT vulnerable
> BSDI 3.0                                NOT vulnerable
> Digital UNIX 4.0                        NOT vulnerable
> FreeBSD 2.2.2-RELEASE                   IS  vulnerable
> FreeBSD 2.2.5-RELEASE                   IS  vulnerable
> FreeBSD 2.2.5-STABLE                    IS  vulnerable
> FreeBSD 3.0-CURRENT                     IS  vulnerable
> HP-UX 10.20                             IS  vulnerable
> IRIX 6.2                                NOT vulnerable
> Linux 2.0.30                            NOT vulnerable
> Linux 2.0.32                            NOT vulnerable
> MacOS 8.0                               IS  vulnerable (TCP/IP stack crashed)
> NetBSD 1.2                              IS  vulnerable
> NeXTSTEP 3.0                            IS  vulnerable
> NeXTSTEp 3.1                            IS  vulnerable
> Novell 4.11                             NOT vulnerable
> OpenBSD 2.1                             IS  vulnerable
> OpenBSD 2.2 (Oct31)                     NOT vulnerable
> SCO OpenServer 5.0.4                    NOT vulnerable
> Solaris 2.5.1                           IS  vulnerable (conflicting reports)
> SunOS 4.1.4                             IS  vulnerable
> Windows 95 (vanilla)                    IS  vulnerable
> Windows 95 + Winsock 2 + VIPUPD.EXE     IS  vulnerable
>
> Some misc stuff:
>
> Ascend Pipeline 50 rev 5.0Ap13          NOT vulnerable
> NCD X Terminals, NCDWare v3.2.1         IS  vulnerable
> LaserJet Printer                        NOT vulnerable
>
> We got reports that applying the VTCPUPD update (originally the OOB attack
> update) when applied to Windows 95 running Winsock 2 fixes the problem.
> You may want to try it. You can download Vtcpupd.exe you
>
> http://support.microsoft.com/download/support/mslfiles/Vtcpupd.exe
>
> Thanks to Gonzo Granzeau <bygranz@rs6000.cmp.ilstu.edu> for pointing
> out the Windows 95 possible fix. Thanks to everyone else (to many to
> mention).
>
> Aleph One / aleph1@dfw.net
> http://underground.org/
> KeyID 1024/948FD6B5
> Fingerprint EE C9 E8 AA CB AF 09 61  8C 39 EA 47 A8 6A B8 01



--
==========================================
Ian C. Reandeau
Ten Forward Communications
http://www.tenforward.com
==========================================
Duct tape is like the force - it has a light side, a dark side, and is the stuff
that holds the universe together.
home help back first fref pref prev next nref lref last post