[1912] in SIPB_Linux_Development
FYI: New attack on Linux (and Windows) machines
daemon@ATHENA.MIT.EDU (Emil Sit)
Mon Nov 17 04:14:50 1997
To: linux-announce@MIT.EDU, linux-help@MIT.EDU
Cc: cfyi@MIT.EDU, linux-dev@MIT.EDU
Reply-To: linux-help@MIT.EDU
Date: Mon, 17 Nov 1997 04:11:30 EST
From: Emil Sit <sit@MIT.EDU>
-----BEGIN PGP SIGNED MESSAGE-----
A bug in the Linux kernel was recently discovered which allows
a malicious user to *remotely* reboot or halt the machine. Windows 95
and Windows NT machines are also somewhat susceptible to this bug. The
details of this bug have been made available on the Internet and
hackers have begun to actively exploit it. If your machine mysteriously
rebooted or froze on Sunday, it is likely that someone used the exploit
on your machine.
A patch to the Linux kernel sources which fixes this bug has been
made available. You can retrieve this patch via a link on:
http://www.linux.org/
The file to patch would be /usr/src/linux/net/ipv4/ip_fragment.c.
Unfortunately, to make use of this patch, you will need to recompile
a kernel. The default Linux-Athena installation does not come
with the complete kernel sources.
We anticipate that RedHat will release an upgrade to the kernel package
to provide users with a simple way of immunizing themselves from
this bug. If that occurs, mail will be sent here again with information
on how to retrieve and install it. Until then, you will either have to
recompile your kernel manually or wait. If you do not feel comfortable
playing with your kernel, you will probably want to save your work
more often. We apologize for the lack of a better solution at
this time. (If it becomes a major problem and RH doesn't deal, we
will probably release something to deal with it.)
One side effect that may result from the uncontrolled shutdown of your
machine via this bug is that your AFS cache may become corrupted.
The standard fix for that is to clear your AFS cache. To do so:
* reboot the machine.
* at the LILO prompt, type: linux single
(replace linux with whatever you type to boot into linux)
* at the bash# prompt, type:
# cd /usr/vice/cache
# rm -f *
* press control-d.
If you have any questions or comments, please direct them to linux-help.
- --
Emil Sit / Bronx Science '95, MIT '99 -- ESG, SIPB, Athena Consulting
PGP KeyID: 0xE63561E9 / Fingerprint: A68FD0693EDABA19 2671EC1F22498F58
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
iQBVAwUBNHAKQiWuZ7zmNWHpAQH/DwH5AeP8X3K4ZvMLHxc/SdsD2Vf1mpBCT/Ai
/dYShZrdjCBYaqZhVOFL/OLVUL6rpTXLiUTUIm5rw1cvWOKv9dl9tw==
=Lgrk
-----END PGP SIGNATURE-----
