Date: Thu, 20 Nov 1997 12:34:05 -0500 (EST) From: Robert Watson <robert@cyrus.watson.org> To: freebsd-security@freebsd.org Subject: Re: new TCP/IP bug in win95 (fwd) Message-ID: <Pine.BSF.3.96.971120123300.11500B-100000@cyrus.watson.org>
next in thread | raw e-mail | index | archive | help
This seems relevant, although no doubt by the time this arrives, others will have managed to foward this to the list :) Have not confirmed results, don't have any machines localy that I can afford to blow away. Robert N Watson Junior, Logic+Computation, Carnegie Mellon University http://www.cmu.edu/ Network Administrator, SafePort Network Services http://www.safeport.com/ robert@fledge.watson.org rwatson@safeport.com http://www.watson.org/~robert/ ---------- Forwarded message ---------- Date: Thu, 20 Nov 1997 09:48:02 -0600 From: Aleph One <aleph1@DFW.NET> To: BUGTRAQ@NETSPACE.ORG Subject: Re: new TCP/IP bug in win95 Lots of mail this morning concerning this issue. I'll summarize. Window for Workgroups 3.11 IS vulnerable. Windows 95 without Winsock2 and the VIP update IS vulnerable. Windows 95 with Winwosk 2 and the VIP update is NOT vulnerable. NT 4.0 with no Service Packs and Hot-Fixes IS vulnerable. NT 4.0 with Service Pack 3 goes to 100% CPU for about a minute and then goes back to normal. NT 4.0 with Service Pack 3 with all the hot-fixes (simpletcp+icmp) is NOT vulnerable. NeXTSTEP 3.0 IS reported as vulnerable. FreeBSD 2.2.5 IS reported as vulnerable. Linux 2.0.32 is NOT vulnerable. If any of you find that this information is incorrect please let me know. In particular I would like people to double check FreeBSD, and test NetBSD, BSDI, and OpenBSDI. Also, please, when you are reporting an affected OS include that exact version, patch level, serive packs, and hot-fixes installed. It is of no use is you simple state "it crashed NT". As John W. Temples <john@kuwait.net> pointed out this attack is rendered ineffective by filtering packets from the Internet through your gateway router which have source addresses on the network. Aleph One / aleph1@dfw.net http://underground.org/ KeyID 1024/948FD6B5 Fingerprint EE C9 E8 AA CB AF 09 61 8C 39 EA 47 A8 6A B8 01
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.96.971120123300.11500B-100000>