Home page logo

bugtraq logo Bugtraq mailing list archives

Re: IGMP fragmentation bug
From: aleph1 () SECURITYFOCUS COM (Aleph One)
Date: Tue, 13 Jul 1999 00:13:47 -0700

Summary of the responses to this query. It seems the vulnerability can't
be reproduces reliably in all instances. Try running the exploits
for several minutes. Successful results have been obtained across a LAN
as well as over the Internet. The result can vary from rebooting
the machine, blue screen of death or killing networking.

Several exploits have been produced, including kod, kox, pimp, moyari13,
misfrag, faux and bengay. If you can't reproduce the vulnerability with
one try another. All version of Windows 95 and 98 are believed to be
vulnerable (standard, OEM, SE, other languages).

The are reports of Windows 200 Advance Server Beta 3, Professional Beta 3
and Server Beta 3 being vulnerable. The are mixed reports of Windows 2000
build 2000 being vulnerable. The is at least one report that Windows 2000
build 2070 is not vulnerable. At least one report claims that Windows NT 4.0
SP4 is vulnerable but others have reported otherwise.

Elias Levy
Security Focus

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]