Date: Mon, 21 Oct 1996 08:08:56 -0400 (EDT) From: Jeremy Sigmon <jsigmon@www.hsc.wvu.edu> To: hackers@freebsd.org Subject: Re: BoS: Urgent !! Serious Linux Security Bug.... (fwd) Message-ID: <Pine.BSF.3.91.961021080818.5779B-100000@www.hsc.wvu.edu>
next in thread | raw e-mail | index | archive | help
Date: Sun, 20 Oct 1996 21:14:42 -0400
From: Eli Burke <eburke@cslab.vt.edu>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@NETSPACE.ORG>
Subject: Re: BoS: Urgent !! Serious Linux Security Bug....
> cy>> > Today we saw an email from Linus Torvalds advising of a problem
> cy>> >with Linux and ping. Basically you can reboot a linux box remotely if
> cy>> >some scenario's are right. From what we can tell and this has all been
> cy>> >verified is: If anyone in the world with a Windows 95 machine can ping
> cy>> >your Linux box they can potentially reboot that machine..
> cy>>
> cy>> Yes, but this attack another machines, AIX for example.
> cy>I just tested this against FreeBSD 2.1.5. The machine under attack,
> cy>a 486SX/25, got was for a while but recovered quite nicely.
>
> My Friend tested in this machines:
> > 1) Reboot: OSF/1 3.2C, Solaris2.4 x86
> > 2) Ignored: *BSD, SunOS4.1.x, IOS, AIX3.2.5, VMS e Solaris 2.4
> > Sparc, Irix.
> > 3) Respond: M$ e OS/2
> > 4) Crash: Linux, AIX4, OSF <= 3.2C and AIX3.2.5 on Token-ring.
I tested this under OSF/1 3.2 and had no problems. Same for DUnix 4.0,
Ultrix 4.4, Windows NT 4.0 (server and workstation), and FreeBSD 2.1.5.
FreeBSD was the only one that showed any symptoms; the network card stopped
responding for about two minutes, but I could belive that to be the fault of
the lousy intel etherexpress driver.
--
Eli Burke
eburke@vt.edu
http://csugrad.cs.vt.edu/~eburke/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.91.961021080818.5779B-100000>