Bugtraq mailing list archives

Re: The overlapping fragment bug


From: paulle () MICROSOFT COM (Paul Leach)
Date: Fri, 14 Nov 1997 19:54:17 -0800


July 1, 1997

ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/nt40/hotfixes-po
stSP3/icmp-fix/

Which is incorporated with other TCP related fixes at:

ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/nt40/hotfixes-po
stSP3/simptcp-fix/

----------
From:         Alan Cox[SMTP:alan () LXORGUK UKUU ORG UK]
Reply To:     Alan Cox
Sent:         Friday, November 14, 1997 11:54 AM
To:   BUGTRAQ () NETSPACE ORG
Subject:      The overlapping fragment bug

Well after some testing its quite effective against Linux [fix
available and will be in 2.0.32 as standard], NT, 95, Win 3.11
and also a couple of others it seems - DOS Novell TCP/IP and
PCNFS 4.0 (reportedly). BSD derived stacks, various routers, Solaris
MacOS and HP/UX all seem fine.

The actual exploit can also be slightly improved. Make it a tcp frame,
make the destination port 80 and it goes through most firewalls like
a bullet through cheese and seems to keep its effectiveness.

You can screen the stuff behind a firewall if your firewall reassembles
fragments (and is of course itself not vulnerable 8)).

Any news on the microsoft fix expected date/times ?

Alan




Current thread: