Date:      Mon, 4 Dec 2000 19:14:26 -0800
From:      "Jeremiah Gowdy" <jgowdy@home.com>
To:        <freebsd-questions@FreeBSD.ORG>
Subject:   A SECOND RAZOR/BINDVIEW ADVISORY !!! FreeBSD Admins ARE vulnerable !!!
Message-ID:  <005d01c05e69$794d73f0$aa240018@cx443070b>

Topic: Network Administrator DoS vulnerabilities

Overview: A class of vulnerabilities has been discovered, and the name LMAO
is being used to describe them as a group.  The LMAO vulnerabilities are
weaknesses in the way that Razor restates the obvious and gets media
attention.

Affected Systems:  Any and all Network Administrators who read Razor
Advisories.

Impact: By depriving the Network Administrator's brain of oxygen for an
extended period of time, the admin's mental abilities may be reduced to
levels even lower than their usual substandard state.  This could result in
even more work time spent on IRC than usual.

Background:

DoS
A denial of service attack is a purposeful action to significantly degrade
the quality and/or availability of services a system offers.

DoS->OS
Oxygen Starvation is a type of denial of service attack.

DoS->OS->LAUGHING_STATE
The Network Administrator has a diaphragm, which when exposed to Razor
advisories, may activate uncontrollably causing possibly very serious damage
due to lack of oxygen to the brain and possibly even more serious injuries if
the situation is severe enough to warrant a ROFL, because the transition
from LMAO to LMFAO to ROFL usually involves the subject falling out of his
or her chair.

Details:
LMAO is a demonstration of an efficient DoS->OS->LAUGHING_STATE exploit.  It
is efficient because it does not use traditional humor, involving things
that are actually funny.  Unlike a real joke, Razor Advisories are
represented as being serious, which can actually increase the damage done to
the Network Administrator.  Here are a few examples of the many possible
LMAO weaknesses:

    - FreeBSD Administrators, when told that too many connections to a port
will consume resources, are immediately rendered useless as they quickly
fall into the LMFAO state, very possibly resulting in a tipped chair,
dumping the Admin onto the floor and there is even a remote possibility that
the Admin's soft drink of choice is spilled on the floor, resulting in
damages to the Administrator in the amount of $0.50 to $1.00 or more
depending on how cheap the owners of said Administrator's company are.

    - Novell Netware Administrators, when told they are 45 years old, they
have no life, and are using a product that should be quietly put to death,
usually begin crying and are inconsolable for hours.  The reason this
qualifies as a LMAO attack is although the Netware Administrator is crying,
all of the other Administrators who've been silently laughing at him for
years are DoSed and unable to do their jobs resulting in a SMURF style LMAO
attack.

    - Windows 2000 Administrators, usually MCSEs, are too busy trying to
figure out what they paid $5,000 for and playing Solitaire to notice Razor
Advisories.  They seem to be invulnerable to this type of attack unless the
Advisory is emailed to them with a VBS Trojan attachment.

Recommendations:

Unfortunately, most Administrators are vulnerable to LMAO attacks, and until
some ignorance patches come out, there is very little that can be done
outside of normal hiccup resolution practices.  We do have a few
recommendations:

    1. Limit the amount of humorous emails the Administrator receives,
because if the Administrator already has the hiccups when reading a Razor
Advisory, the results can be fatal.

    2. Limit who can speak to the Administrator using office partitions to
avoid office humor.

    3. Call the ISP and ask them to upstream filter all razor.bindview.com
packets.

    4. Replace the tile floors in the office with shag carpet for a much
softer landing in the event of a LMFAO escalating to a ROFL.

    5. Make certain that emergency hiccup stations are functioning properly,
that the Administrator may quickly have a drink of water after reading Razor
Advisories.

References:
    CVE:
    The Common Vulnerabilities and Exposures (CVE) project has assigned the
name LOL-31337 to this issue.

    CERT Advisory:
    http://www.cert.org/advisories/LOL-31337

    Microsoft's Security Bulletin:
    http://www.microsoft.com/win2k

    Microsoft Security Patch
    http://www.microsoft.com/directx

    RFC 31337:
    http://www.faqs.org/rfcs/rfc31337.html

    "I can packet j00" security paper
    Author: ScriptHax0r
    http://razor.bindview/publish/papers/war-toolz.html

    "Strategies for getting your ISP to defend you after you've started a
packet war" security paper
    Author: OopsIGotCaught
    http://razor.bindview.com/publish/papers/OhShit.html

    Snort, Sniff, Chew, Inject, but don't inhale.

http://www.william-jefferson-clinton.com/depends-on-what-the-meaning-of-the-word-is-means.html

    Al Gore's voteserver:
    http://www.algore.com/cgi-bin/generatevotes.cgi?recount=YES

    BasharTeg's Forkbomb Process-Table Attack

http://void.main.void/while/1/malloc/fork/disqualified/from/rootwars.html

    Stanislav's Script KiddieKill

http://www.securityfocus.com/archive/101/ways-to-kill-a-script-kiddie.html

Advisory Contact: advisory.lmao@razor.bindview.com




To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message



