From: Andi Kleen (aksuse.de)
Date: Sun Jan 20 2002 - 16:46:12 CST

    "Andrew Griffiths" <andrewgtasmail.com> writes:

    > Greets: (in no particular order)
    >
    > Marty (and others for their brilliant work with Snort)
    > Fyodor (for nmap)
    > LBNL Network Research Group
    > zen-parse [4] and jaguar for looking over this and suggesting
    > improvements.
    >
    > It is possible to read parts of a remote machine's memory. To be specific,
    > it would have to be memory recently freed/swapped to disk. Consider this
    > for example:

    [...] Here is a patch for Linux 2.4 to fix the problem.

    >
    > AFFECTED:
    >
    > I assume it would be any OS that includes more than the ipaddresses/ports.

    It's only an implementation bug in Linux, likely not a generic problem.

    -Andi

    --- linux-work/net/ipv4/icmp.c-o Tue Jan 15 11:05:17 2002
    +++ linux-work/net/ipv4/icmp.c Sun Jan 20 23:31:29 2002
    -495,7 +495,7
             icmp_param.data.icmph.checksum=0;
             icmp_param.csum=0;
             icmp_param.skb=skb_in;
    - icmp_param.offset=skb_in->nh.raw - skb_in->data;
    + icmp_param.offset=skb_in->data - skb_in->nh.raw;
             icmp_out_count(icmp_param.data.icmph.type);
             icmp_socket->sk->protinfo.af_inet.tos = tos;
             ipc.addr = iph->saddr;
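
Review bot: The changed line swaps the operands of the pointer subtraction for `icmp_param.offset`, but nothing in the hunk says which of `skb_in->data` and `skb_in->nh.raw` is expected to be the higher address at this point, so a reader cannot tell from the code whether the result is meant to be positive, zero or negative. Please add a one-line comment above the assignment stating that invariant, and consider checking the sign (and that the offset stays within the skb) before the value is used, so that a wrong assumption fails closed instead of selecting bytes outside the offending packet.
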
    --- linux-work/net/ipv6/icmp.c-o Thu Sep 20 23:12:56 2001
    +++ linux-work/net/ipv6/icmp.c Sun Jan 20 23:40:03 2002
    -361,7 +361,7
             msg.icmph.icmp6_pointer = htonl(info);
     
             msg.skb = skb;
    - msg.offset = skb->nh.raw - skb->data;
    + msg.offset = skb->data - skb->nh.raw;
             msg.csum = 0;
             msg.daddr = &hdr->saddr;
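
Review bot: `msg.offset` receives the same operand swap as `icmp_param.offset` in the IPv4 file, so the identical pointer arithmetic now sits in two places with no shared explanation. A small common helper, or at least the same comment in both files describing what the offset is measured from, would keep the two paths from diverging again. The patch description should also say what the old expression `skb->nh.raw - skb->data` got wrong, since the accompanying message only says it fixes the problem.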