Bugtraq mailing list archives
Re: The overlapping fragment bug
From: route () RESENTMENT INFONEXUS COM (G P R)
Date: Sat, 15 Nov 1997 19:25:50 -0800
[Philippe Strauss]
| What about the (over?) simple fix found in Linus's pre-patch-2.0.32-4.gz. maybe
| on funet? (ftp.kernel.org is down, coincidence :-/)
|
The only problem with that one line fix (as compared to the patch I
released with the initial posting) is the fact that it catches the bug
after the offending fragment has been stored in the reassembly queue.
It discovers the problem when it attempts to reassemble the original
IP datagram.
My patch catches the fragment before it is ever added to the queue, and
invalidates the entire fragment list, freeing the entire list at that
point.
One good point Alan Cox brought up is the fact that the printk() could
consume a serious amount of system resources if the attacker decided to
send a storm of such packets (and your Linux machine is on a fast link).
Either remove it, or use Solar Designer's security_alert() macro (or
something similar) to limit the frequency with which identical error
messages will be dumped. This macro can be found in his stack execution
and symlink patch kit.
--
[ guild | phrack | r00t ]
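
An added illustration, not the patch discussed in this message, kernel code, or Solar Designer's macro: a simplified userspace C model of the two points above, validating a fragment before it is queued (freeing the whole list on failure) and rate-limiting the resulting alert. The names fragq_add and alert_limited, the byte-range model and the 5-second interval are assumptions, and only overlap with the preceding fragment is modelled.

```c
#include <stdio.h>
#include <stdlib.h>
/* Simplified model (assumption): a fragment is the byte range [offset, end). */
struct frag { long offset, end; struct frag *next; };
struct fragq { struct frag *head; };          /* list kept sorted by offset */
struct ratelimit { long last; unsigned suppressed; };

/* Print at most one alert per `interval` seconds; returns 1 if printed. */
static int alert_limited(struct ratelimit *rl, const char *msg, long now, long interval)
{
    if (rl->last && now - rl->last < interval) {
        rl->suppressed++;            /* count it, but stay quiet during a storm */
        return 0;
    }
    fprintf(stderr, "%s (%u similar alerts suppressed)\n", msg, rl->suppressed);
    rl->last = now;
    rl->suppressed = 0;
    return 1;
}

static void fragq_free(struct fragq *q)
{
    while (q->head) {
        struct frag *next = q->head->next;
        free(q->head);
        q->head = next;
    }
}

/* Validate before queuing: 0 = queued, -1 = not queued (bad fragment frees the list). */
static int fragq_add(struct fragq *q, struct ratelimit *rl, long offset, long end, long now)
{
    struct frag **pp = &q->head, *prev = NULL, *f;
    while (*pp && (*pp)->offset < offset) {
        prev = *pp;
        pp = &prev->next;
    }
    if (prev && prev->end > offset)
        offset = prev->end;          /* trim the part the predecessor already covers */
    if (offset < 0 || end < offset) {            /* trimmed length would be negative */
        alert_limited(rl, "bad IP fragment, dropping datagram", now, 5);
        fragq_free(q);               /* the invalid fragment never reaches the queue */
        return -1;
    }
    if (!(f = malloc(sizeof *f)))
        return -1;
    f->offset = offset; f->end = end; f->next = *pp;
    *pp = f;
    return 0;
}
```
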
