
Bugtraq mailing list archives

Re: unused bit attack alert
From: vern () EE LBL GOV (Vern Paxson)
Date: Mon, 21 Feb 2000 14:36:17 PST


LigerTeam, strongly propose inserting of
solution code before the computing of flag
variable.

  flag = flags & 0x3f;

The more robust fix is to systematically test for TCP flags by masking
to the value being tested.  For example:

        #define TEST_FLAGS(flags, mask) (((flags) & (mask)) == (mask))

Otherwise you are still vulnerable to attackers setting legitimate flags
in bogus combinations, such as adding URG to a SYN.

                Vern
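
The three ways of testing for a SYN that this message touches on, compared side by side in an added C example that is not part of the original post. The flag constants are the standard TCP header bits; the function names and the sample flag bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Standard TCP flag bits; the top two bits of the byte were unused in 2000. */
#define TH_SYN 0x02
#define TH_ACK 0x10
#define TH_URG 0x20

/* Macro from the message above. */
#define TEST_FLAGS(flags, mask) (((flags) & (mask)) == (mask))

typedef int (*syn_check)(uint8_t);

/* Exact comparison on the raw byte: any extra bit hides the SYN. */
static int syn_exact(uint8_t f)    { return f == TH_SYN; }
/* The quoted proposal: strip the unused bits, then compare exactly. */
static int syn_stripped(uint8_t f) { return (f & 0x3f) == TH_SYN; }
/* Masked test: looks only at the bit being asked about. */
static int syn_masked(uint8_t f)   { return TEST_FLAGS(f, TH_SYN); }

/* Constructed sample flag bytes (hypothetical traffic). */
static const uint8_t SAMPLES[] = {
    0x02, /* plain SYN                */
    0x42, /* SYN + one unused bit     */
    0x82, /* SYN + other unused bit   */
    0xc2, /* SYN + both unused bits   */
    0x22, /* SYN + URG                */
    0x12, /* SYN + ACK                */
    0x10, /* ACK only, no SYN         */
};
#define NSAMPLES (sizeof SAMPLES / sizeof SAMPLES[0])

/* Count how many sample bytes a given check recognises as carrying SYN. */
static size_t count_syn(syn_check check) {
    size_t n = 0;
    for (size_t i = 0; i < NSAMPLES; i++)
        n += check(SAMPLES[i]) ? 1 : 0;
    return n;
}

int main(void) {
    printf("exact:    %zu of %zu\n", count_syn(syn_exact), NSAMPLES);
    printf("stripped: %zu of %zu\n", count_syn(syn_stripped), NSAMPLES);
    printf("masked:   %zu of %zu\n", count_syn(syn_masked), NSAMPLES);
    return 0;
}
```

Six of the seven samples have the SYN bit set; only the masked test sees all six, while stripping with 0x3f still misses SYN+URG and SYN+ACK.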

