Date: Wed, 5 May 1999 00:35:35 -0400 (EDT) From: The Tech-Admin Dude <geniusj@phoenix.unacom.com> To: Don Lewis <Don.Lewis@tsc.tdk.com> Cc: Warner Losh <imp@harmony.village.org>, Darren Reed <avalon@coombs.anu.edu.au>, freebsd-security@FreeBSD.ORG Subject: Re: freebsd mbuf crash Message-ID: <Pine.BSF.4.10.9905050035280.38106-100000@phoenix.unacom.com> In-Reply-To: <199905050003.RAA06539@salsa.gv.tsc.tdk.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Raise NMBCLUSTERS in kernel config file On Tue, 4 May 1999, Don Lewis wrote: > On May 4, 3:03pm, Warner Losh wrote: > } Subject: Re: freebsd mbuf crash > } In message <199905041526.BAA29421@cheops.anu.edu.au> Darren Reed writes: > } : is this one (below) taken care of ? perhaps a derivitice of this ? > } > } What's it supposed to do? I can't get it to cause any grief on my > } -current system, nor on the 3.1-stable based systems we have here at > } work. > > I believe this was fixed by version 1.103 of sys/netinet/ip_input.c. > This change was made shortly after 3.0-RELEASE. > > The original exploit code only ran correctly on Linux (and nuked FreeBSD > machines). It didn't do anything interesting when run under FreeBSD, because > the byte order of various IP headers sent on raw sockets differs between > Linux and FreeBSD. This caused various sanity checks in the FreeBSD stack > to toss the packet instead of sending it. If you tweak the byte order in > the exploit code, you can get it to run under FreeBSD and crash vulnerable > FreeBSD machines. > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.10.9905050035280.38106-100000>