Bugtraq archives for 4th quarter (Oct-Dec) 1997: Re: Linux IP fragment overlap bug

Re: Linux IP fragment overlap bug

David LeBlanc (dleblancMINDSPRING.COM)
Fri, 14 Nov 1997 22:52:31 -0500

At 07:01 PM 11/14/97 +0300, Vadim Kolontsov wrote:
>Hi,

>On Thu, Nov 13, 1997 at 10:06:15PM -0800, G P R wrote:

>>     Oh, by the way, NT/95 appear to have the bug also.  Try sending 10 - 15 of
>> these fragment combos to an NT/95 machine.

>  This bug isn't fixed by Service Pack #3, but it seems like SP3 +
>"simply-tcp" patch fixes this bug (thanks to Serge Solopov, serjportal.ru).
>It's funny -  'simply-tcp' was intended to fix another bug (see below).

It may be the previous icmp-fix (ssping) that fixes the problem.  Oddly
enough, NT with no patches at all isn't vulnerable to this.  I haven't
quite sorted out exactly where the problem starts and stops, but I do know
no patches and full patches aren't bothered by it.


David LeBlanc           |Why would you want to have your desktop user,
dleblancmindspring.com |your mere mortals, messing around with a 32-bit
                        |minicomputer-class computing environment?
                        |Scott McNealy