From owner-freebsd-security  Mon Oct 21 15:44:48 1996
Return-Path: owner-security
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.5/8.7.3) id PAA19373
          for security-outgoing; Mon, 21 Oct 1996 15:44:48 -0700 (PDT)
Received: from circle.net (demeter.circle.net [207.79.160.41])
          by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id PAA19365
          for <security@FreeBSD.org>; Mon, 21 Oct 1996 15:44:41 -0700 (PDT)
Received: (from troy@localhost) by circle.net (8.7.5/8.7.3) id SAA18513; Mon, 21 Oct 1996 18:43:08 -0400 (EDT)
Date: Mon, 21 Oct 1996 18:43:08 -0400 (EDT)
From: Troy Arie Cobb <troy@circle.net>
To: security@FreeBSD.org
Subject: Re: [bugtraq] Serious Linux Security Bug
In-Reply-To: <Pine.NEB.3.95.961021155902.164A-100000@glacier.cold.org>
Message-ID: <Pine.BSF.3.91.961021184116.18242B-100000@demeter.circle.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-security@FreeBSD.org
X-Loop: FreeBSD.org
Precedence: bulk

On Mon, 21 Oct 1996, Brandon Gillespie wrote:

> Date: Mon, 21 Oct 1996 16:00:20 -0600 (MDT)
> From: Brandon Gillespie <brandon@glacier.cold.org>
> To: Steve Reid <steve@edmweb.com>
> Cc: security@FreeBSD.org
> Subject: Re: [bugtraq] Serious Linux Security Bug
> 
> On Mon, 21 Oct 1996, Steve Reid wrote:
> > This has been discussed on the Bugtraq list for a few days now, but I
> > haven't seen any talk of it here. 
> > 
> > There is no mention of the attack working against *BSD machines except for
> > one person running FreeBSD 2.1.5 who reported that his Intel EtherExpress
> > card stopped working for a couple of minutes. 
> > 
> > The attack is simple. From a Win95 box, 
> > ping -l 65510 buggyhost
> > and it can crash or reboot some OSs. Very nasty. 
> > 
> > Has anyone checked the FreeBSD kernel to make sure that we're not
> > vulnerable? 
> 
> I just tried this (from w95) against a FreeBSD 2.1.5 box and a 2.1.0 box,
> both had no problems.  Of course, I'm not sure if the ping ran correctly,
> it returned:
> 
> Request timed out.
> 
> Instead.  It does work without the '-l 65510' args.

Ditto.  But watching on the FBsd box when it happened I noticed
that most of the network MBUFS filled up, caused the machine
to stutter for a brief seccond and then flushed it.  I'd guess that
it triggers a fringe condition in the somewhat poor networking code
in Linux.  Ugly.  

Glad to be on FreeBSD,
- troy

Troy Arie Cobb
troy@circle.net

 ------------------------------------------------------
| Circle Net, Inc.       |  global internet access     |
| http://www.circle.net  |  for western north carolina |
| info@circle.net        |  and beyond...              |
| 704-254-9500           |                             |
 ------------------------------------------------------