Date:      Thu, 20 Nov 1997 20:00:31 +0100
From:      Martin Machacek <Martin.Machacek@eunet.cz>
To:        freebsd-security@FreeBSD.ORG
Subject:   Re: new TCP/IP bug in win95 (fwd) 
Message-ID:  <199711201900.UAA28913@bb-prg.eunet.cz>
In-Reply-To: Your message of "Thu, 20 Nov 1997 12:34:05 EST." <Pine.BSF.3.96.971120123300.11500B-100000@cyrus.watson.org> 

> 
> This seems relevant, although no doubt by the time this arrives, others
> will have managed to forward this to the list :)
> 
> Have not confirmed results, don't have any machines locally that I can
> afford to blow away.

I've tried the exploit against FreeBSD 2.2.2, 2.2.5 and 3.0-current and the 
results were interesting. FreeBSD 2.2.2 does not seem to be vulnerable, 
however both 2.2.5 and 3.0 froze. Another interesting thing is that the 
exploit cannot be run on FreeBSD (I've patched it to compile) because sendto,
even on a raw socket, plugs the correct source address into the packet.

I've also tried the exploit against BSD/OS 2.1 and it also froze. There was 
little difference in behaviour of FreeBSD and BSD/OS in the frozen 
state. FreeBSD at least responded to ICMP echo packets and also managed to 
establish TCP connections. I've tried telnet from another machine and it 
reported connected to ... (but that was all). BSD/OS was totally dead,
responding only to the reset switch.

The problem is in my opinion not that critical because every decent network 
should have IP spoofs filtered on the external router, so packets with 
identical source and destination should not reach any inside machine (not 
even the TCP layer on the external router).

> Windows 95 without Winsock2 and the VIP update IS vulnerable.

Yes.

> FreeBSD 2.2.5 IS reported as vulnerable.

Unfortunately yes.

Cheers,
-- 
Martin Machacek
[Internet CZ, Zirovnicka 6/3133, 106 00 Prague 10, Czech Republic]
[phone: +420 2 24245624 fax: +420 2 24316598]
[PGP KeyID 00F9E4BD]
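
The filtering described in the message above (dropping spoofed packets, including those with identical source and destination, on the external router), written out as an added example that is not part of the original e-mail. The inside prefix 192.0.2.0/24, the function names and the sample packets are assumptions made for illustration.

```python
import ipaddress
import struct

# Assumption: the network behind the external router (a documentation prefix).
INSIDE_NET = ipaddress.ip_network("192.0.2.0/24")


def parse_ipv4(packet: bytes):
    """Return (src, dst, proto) from a raw IPv4 packet, or None if malformed."""
    if len(packet) < 20:
        return None
    version = packet[0] >> 4
    header_len = (packet[0] & 0x0F) * 4
    if version != 4 or header_len < 20 or len(packet) < header_len:
        return None
    src = ipaddress.ip_address(packet[12:16])
    dst = ipaddress.ip_address(packet[16:20])
    return src, dst, packet[9]


def ingress_verdict(packet: bytes, inside_net=INSIDE_NET) -> str:
    """Decide what a filter on the external interface does with an inbound packet."""
    parsed = parse_ipv4(packet)
    if parsed is None:
        return "drop: malformed"
    src, dst, _proto = parsed
    # The case from the thread: source address identical to destination address.
    if src == dst:
        return "drop: source equals destination"
    # Classic anti-spoofing: an inside address can never arrive from outside.
    if src in inside_net:
        return "drop: inside source on external interface"
    if src.is_loopback or src.is_multicast or src.is_unspecified:
        return "drop: invalid source"
    return "pass"


def build_ipv4(src: str, dst: str, proto: int = 6, payload: bytes = b"") -> bytes:
    """Constructed sample input: minimal 20-byte IPv4 header (checksum left at 0)."""
    header = struct.pack(
        "!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
        ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed)
    return header + payload
```

The first rule alone stops the packet discussed in this thread; the second is the broader spoof filter, which also catches it whenever the destination is an inside host.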