From owner-freebsd-security  Sun Oct 15  2:59:41 2000
Delivered-To: freebsd-security@freebsd.org
Received: from mail.gmx.net (pop.gmx.net [194.221.183.20])
	by hub.freebsd.org (Postfix) with SMTP id 05E8037B66D
	for <freebsd-security@freebsd.org>; Sun, 15 Oct 2000 02:59:35 -0700 (PDT)
Received: (qmail 3348 invoked by uid 0); 15 Oct 2000 09:59:33 -0000
Received: from p3ee2165d.dip.t-dialin.net (HELO speedy.gsinet) (62.226.22.93)
  by mail.gmx.net with SMTP; 15 Oct 2000 09:59:33 -0000
Received: (from sittig@localhost)
	by speedy.gsinet (8.8.8/8.8.8) id JAA31025
	for freebsd-security@freebsd.org; Sun, 15 Oct 2000 09:23:31 +0200
Date: Sun, 15 Oct 2000 09:23:31 +0200
From: Gerhard Sittig <Gerhard.Sittig@gmx.net>
To: freebsd-security@freebsd.org
Subject: Re: FreeBSD 4.x Bug with ICMP Error Messages (fwd)
Message-ID: <20001015092331.W25237@speedy.gsinet>
Mail-Followup-To: freebsd-security@freebsd.org
References: <200010142316.KAA05381@cairo.anu.edu.au>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0i
In-Reply-To: <200010142316.KAA05381@cairo.anu.edu.au>; from avalon@coombs.anu.edu.au on Sun, Oct 15, 2000 at 10:16:09AM +1100
Organization: System Defenestrators Inc.
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Sun, Oct 15, 2000 at 10:16 +1100, Darren Reed wrote:
> Forwarded message:
> > From: "Ofir Arkin" <ofir@itcon-ltd.com>
> > To: "Nmap-Hackers" <nmap-hackers@insecure.org>
> > Subject: FreeBSD 4.x Bug with ICMP Error Messages
> > Date: Sat, 14 Oct 2000 23:09:51 +0200
> > Message-ID: <GDEIJDIGIGIFHEIILCALCEIPCGAA.ofir@itcon-ltd.com>
> > 
> > [ ... ]
> > 
> > A udp datagram sent to a closed udp port (port 0, can be any
> > port).   The original udp datagram used e655 hex as its IP
> > Identification field value. The echoed IP Header inside the
> > ICMP Error message states that this value was 55e6 (with the
> > offending datagram).
> > 
> > FreeBSD 4.x simply flips between the first 8bits to the
> > second 8 bits.

There's something missing:  which platform does it happen on?  I
assume it's an i386 machine (or something else little endian).
This sounds very much like a missing hton() when setting up the
response.


virtually yours   82D1 9B9C 01DC 4FB4 D7B4  61BE 3F49 4F77 72DE DA76
Gerhard Sittig   true | mail -s "get gpg key" Gerhard.Sittig@gmx.net
-- 
     If you don't understand or are scared by any of the above
             ask your parents or an adult to help you.


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message