From owner-freebsd-security Mon Oct 21 14:10:07 1996
Return-Path: owner-security
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id OAA12257 for security-outgoing; Mon, 21 Oct 1996 14:10:07 -0700 (PDT)
Received: from bitbucket.edmweb.com (bitbucket.edmweb.com [204.244.190.9]) by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id OAA12211 for ; Mon, 21 Oct 1996 14:09:59 -0700 (PDT)
Received: (from steve@localhost) by bitbucket.edmweb.com (8.6.12/8.6.12) id OAA00219; Mon, 21 Oct 1996 14:09:47 -0700
Date: Mon, 21 Oct 1996 14:09:43 -0700 (PDT)
From: Steve Reid
To: security@freebsd.org
Subject: [bugtraq] Serious Linux Security Bug
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

This has been discussed on the Bugtraq list for a few days now, but I haven't seen any talk of it here. There is no mention of the attack working against *BSD machines except for one person running FreeBSD 2.1.5 who reported that his Intel EtherExpress card stopped working for a couple of minutes.

The attack is simple. From a Win95 box, ping -l 65510 buggyhost and it can crash or reboot some OSs. Very nasty.

Has anyone checked the FreeBSD kernel to make sure that we're not vulnerable?

---------- Forwarded message ----------
Date: Mon, 21 Oct 1996 09:26:04 +0100
From: Alan Cox
To: Multiple recipients of list BUGTRAQ
Subject: Re: Urgent !! Serious Linux Security Bug....

> >On the Linux machine, you need to be running kernel version 2.0.7(It's the
> >lowest we run) up to version 2.0.20(The highest we're running).
>
> Actually, I'm running 2.1.1 and it works on that as well...

It seems to work rather nicely on Digital Unix (some revisions), AIX, Linux 2.0.x and Linux 2.1.x - has anyone tried it on NT?

Ironically it's a well-known problem that is tested by the ip_send tool. It just happened that the test tool I used didn't construct a packet with a useful IP protocol field and it thus never hit the layer of code that can't handle forged big packets.

As well as the patch quoted there is a slightly newer revision that also happens to log who tried to blow up your computer.

Alan
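
Added example, not part of the messages above and not the patch they refer to: a sketch of the bound a fragment-reassembly path has to enforce so that a reassembled IPv4 datagram never exceeds the 65535 bytes its 16-bit length field allows, logging the source when it drops a fragment. The struct, the function names, the 20-byte IP header, the 1500-byte MTU and the 192.0.2.1 source address are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define IP_MAX_DATAGRAM 65535u   /* IPv4 total length is a 16-bit field */

/* Hypothetical, simplified view of one received IPv4 fragment (host byte order). */
struct frag {
    uint32_t src;         /* source address */
    uint16_t frag_field;  /* flags + 13-bit fragment offset word */
    uint16_t total_len;   /* total length of this fragment, header included */
    uint8_t  ihl;         /* header length in 32-bit words */
};

/* Return 1 if the fragment may be queued for reassembly, 0 if it is dropped. */
int frag_fits(const struct frag *f)
{
    uint32_t hdr = (uint32_t)f->ihl * 4;
    uint32_t offset = (uint32_t)(f->frag_field & 0x1FFF) * 8;

    if (f->ihl < 5 || f->total_len < hdr)
        return 0;                               /* malformed header */
    /* The reassembled datagram would be offset + total_len bytes long. */
    if (offset + f->total_len > IP_MAX_DATAGRAM) {
        fprintf(stderr, "oversized fragment from %u.%u.%u.%u (end %u)\n",
                (unsigned)(f->src >> 24), (unsigned)((f->src >> 16) & 0xFF),
                (unsigned)((f->src >> 8) & 0xFF), (unsigned)(f->src & 0xFF),
                (unsigned)(offset + f->total_len));
        return 0;
    }
    return 1;
}

/* Constructed sample input: the last fragment of an ICMP echo carrying
 * data_len bytes, sent with a 20-byte IP header over a link with this MTU. */
struct frag last_fragment(uint32_t src, uint32_t data_len, uint32_t mtu)
{
    uint32_t payload = data_len + 8;            /* 8-byte ICMP header */
    uint32_t per_frag = (mtu - 20) / 8 * 8;     /* data bytes per fragment */
    uint32_t offset = (payload - 1) / per_frag * per_frag;
    struct frag f = { src, (uint16_t)(offset / 8),
                      (uint16_t)(20 + payload - offset), 5 };
    return f;
}

int main(void)
{
    struct frag f = last_fragment(0xC0000201u, 65510, 1500); /* 192.0.2.1, constructed */
    printf("ping data 65510 -> %s\n", frag_fits(&f) ? "accepted" : "dropped");
    return 0;
}
```

With these assumptions the largest echo payload that still passes is 65507 bytes (65535 minus the 20-byte IP header and the 8-byte ICMP header); the 65510 bytes from the command above put the final fragment's end at 65538 and it is dropped.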