From owner-freebsd-security Mon Dec 4 19: 9:59 2000 From owner-freebsd-security@FreeBSD.ORG Mon Dec 4 19:09:54 2000 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from femail3.sdc1.sfba.home.com (femail3.sdc1.sfba.home.com [24.0.95.83]) by hub.freebsd.org (Postfix) with ESMTP id E23A037B401; Mon, 4 Dec 2000 19:09:54 -0800 (PST) Received: from cx443070b ([24.0.36.170]) by femail3.sdc1.sfba.home.com (InterMail vM.4.01.03.00 201-229-121) with SMTP id <20001205030832.ISTW18624.femail3.sdc1.sfba.home.com@cx443070b>; Mon, 4 Dec 2000 19:08:32 -0800 Message-ID: <002701c05e69$27ddfad0$aa240018@cx443070b> From: "Jeremiah Gowdy" To: "Alfred Perlstein" , Cc: References: <20001204172505.D8051@fw.wintelcom.net> Subject: A SECOND RAZOR/BINDVIEW ADVISORY !!! FreeBSD Admins ARE vulnerable !!! Date: Mon, 4 Dec 2000 19:12:09 -0800 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4133.2400 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Topic: Network Administrator DoS vulnerabilities Overview: A class of vulnerabilities has been discovered, and the name LMAO is being used to describe them as a group. The LMAO vulnerabilities are weaknesses in the way that Razor restates the obvious and gets media attention. Affected Systems: Any and all Network Administrators who read Razor Advisories. Impact: By depriving the Network Administrator's brain of oxygen for an extended period of time, the admin's mental abilities may be reduced to levels even lower than their usual substandard state. This could result in even more work time spent on IRC than usual. Background: DoS A denial of service attack is a purposeful action to significantly degrade the quality and/or availability of services a system offers. DoS->OS Oxygen Starvation is a type of denial of service attack. DoS->OS->LAUGHING_STATE The Network Administrator has a diaphragm, which when exposed to Razor advisories, may activate uncontrollably causing possibly very serious damage due to lack of oxygen to the brain and possibly even more serious injures if the situation is severe enough to warrant a ROFL, because the transition from LMAO to LMFAO to ROFL usually involves the subject falling out of his or her chair. Details: LMAO is a demonstration of an efficient DoS->OS->LAUGHING_STATE exploit. It is efficient because it does not use traditional humor, involving things that are actually funny. Unlike a real joke, Razor Advisories are represented as being serious, which can actually increase the damage done to the Network Administrator. Here are a few examples of the many possible LMAO weaknesses: - FreeBSD Administrators, when told that too many connections to a port will consume resources, are immediately rendered useless as they quickly fall into the LMFAO state, very possibly resulting in a tipped chair, dumping the Admin onto the floor and there is even a remote possibility that the Admin's soft drink of choice is spilled on the floor, resulting in damages to the Administrator in the amount of $0.50 to $1.00 or more depending on how cheap the owners of said Administrator's company are. - Novel Netware Administrators, when told they are 45 years old, they have no life, and are using a product that should be quietly put to death, usually begin crying and are inconsolable for hours. The reason this qualifies as a LMAO attack is although the Netware Administrator is crying, all of the other Administrators who've been silently laughing at him for years are DoSed and unable to do their jobs resulting in a SMURF style LMAO attack. - Windows 2000 Administrators, usually MCSEs, are too busy trying to figure out what they paid $5,000 for and playing Solitaire to notice Razor Advisories. They seem to be invulnerable to this type of attack unless the Advisory is emailed to them with a VBS Trojan attachment. Recommendations: Unfortunately, most Administrators are vulnerable to LMAO attacks, and until some ignorance patches come out, there is very little that can be done outside of normal hiccup resolution practices. We do have a few recommendations: 1. Limit the amount of humorous emails the Administrator receives, because if the Administrator already has the hiccups when reading a Razor Advisory, the results can be fatal. 2. Limit who can speak to the Administrator using office partitions to avoid office humor. 3. Call the ISP and ask them to upstream filter all razor.bindview.com packets. 4. Replace the tile floors in the office with shag carpet for a much softer landing in the event of a LMFAO escalating to a ROFL. 5. Make certain that emergency hiccup stations are functioning properly, that the Administrator may quickly have a drink of water after reading Razor Advisories. References: CVE: The Common Vulnerabilities and Exposures (CVE) project has assigned the name LOL-31337 to this issue. CERT Advisory: http://www.cert.org/advisories/LOL-31337 Microsoft's Security Bulletin: http://www.microsoft.com/win2k Microsoft Security Patch http://www.microsoft.com/directx RFC 31337: http://www.faqs.org/rfcs/rfc31337.html "I can packet j00" security paper Author: ScriptHax0r http://razor.bindview/publish/papers/war-toolz.html "Strategies for getting your ISP to defend you after you've started a packet war" security paper Author: OopsIGotCaught http://razor.bindview.com/publish/papers/OhShit.html Snort, Sniff, Chew, Inject, but don't inhale. http://www.william-jefferson-clinton.com/depends-on-what-the-meaning-of-the- word-is-means.html Al Gore's voteserver: http://www.algore.com/cgi-bin/generatevotes.cgi?recount=YES BasharTeg's Forkbomb Process-Table Attack http://void.main.void/while/1/malloc/fork/disqualified/from/rootwars.html Stanislav's Script KiddieKill http://www.securityfocus.com/archive/101/ways-to-kill-a-script-kiddie.html Advisory Contact: advisory.lmao@razor.bindview.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message