Re: The overlapping fragment bug

paulleMICROSOFT.COM

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Next message: Philippe Strauss: "Re: The overlapping fragment bug"
• Previous message: David LeBlanc: "Re: Linux IP fragment overlap bug"
• Maybe in reply to: Alan Cox: "The overlapping fragment bug"
• Next in thread: Philippe Strauss: "Re: The overlapping fragment bug"

July 1, 1997

ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/nt40/hotfixes-po
stSP3/icmp-fix/

Which is incorporated with other TCP related fixes at:

ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/nt40/hotfixes-po
stSP3/simptcp-fix/

> ----------
> From:         Alan Cox[SMTP:alanLXORGUK.UKUU.ORG.UK]
> Reply To:     Alan Cox
> Sent:         Friday, November 14, 1997 11:54 AM
> To:   BUGTRAQNETSPACE.ORG
> Subject:      The overlapping fragment bug
>
> Well after some testing its quite effective against Linux [fix
> available and will be in 2.0.32 as standard], NT, 95, Win 3.11
> and also a couple of others it seems - DOS Novell TCP/IP and
> PCNFS 4.0 (reportedly). BSD derived stacks, various routers, Solaris
> MacOS and HP/UX all seem fine.
>
> The actual exploit can also be slightly improved. Make it a tcp frame,
> make the destination port 80 and it goes through most firewalls like
> a bullet through cheese and seems to keep its effectiveness.
>
> You can screen the stuff behind a firewall if your firewall reassembles
> fragments (and is of course itself not vulnerable 8)).
>
> Any news on the microsoft fix expected date/times ?
>
> Alan
>

• Next message: Philippe Strauss: "Re: The overlapping fragment bug"
• Previous message: David LeBlanc: "Re: Linux IP fragment overlap bug"
• Maybe in reply to: Alan Cox: "The overlapping fragment bug"
• Next in thread: Philippe Strauss: "Re: The overlapping fragment bug"