Urgent !! Serious Security Bug.... (fwd2)

From: Mark M. Van Overbeke <markvo_at_cda.mrs.umn.edu>
Date: Tue, 29 Oct 1996 10:20:41 -0600 (CST)

I tried this at a DU 3.2D-1 system. It crashed. It is an AlphaStation 255
4/233.

   Mark

Mark Van Overbeke Systems Software Programmer
Computing Services
University of Minnesota, Morris INTERNET: markvo_at_cda.mrs.umn.edu
Morris, MN 56267 1-612-589-6378 after 3/17/96 1-320-589-6378
--
Success is the progressive realization of your worthwhile goal or dream!
---------- Forwarded message ----------
Date: Mon, 21 Oct 1996 11:53:03 +0200 (MET DST)
From: hj_at_globecom.net
To: alpha-osf-managers_at_ornl.gov
Subject: Urgent !! Serious Security Bug.... (fwd)
Followup-To: poster

I forward this e-mail from the Bugtraq mailing-list.
This bug doesn't only crash/reboot linux as the text says, but the
following OS's too:
       1) Reboot: OSF/1 3.2C, Solaris2.4 x86
       2) Ignored: *BSD, SunOS4.1.x, IOS, AIX3.2.5, VMS and Solaris 2.4
          Sparc, Irix.
       3) Respond: M$ and OS/2
       4) Crash: Linux, AIX4, OSF  <= 3.2C and AIX3.2.5 on Token-ring.
If you need more info, check out the Archives of Bugtraq at the following
URL:
http://geek-girl.com/bugtraq/
Regards
Henrik Johansson
p.s. The patch that the text mentions IS NOT included, since it is a Linux
patch.
d.s.
 -----=<->=-----=</>=-----=<->=-----=<|>=-----=<->=-----=<\>=-----=<->=-----
  Henrik Johansson     email: hj_at_globecom.net      tel: +46 (0)31-775 00 90   
   Systems Manager   mobile: +46 (0)706-25 15 45   fax: +46 (0)31-775 00 85
  GlobeCom Network "When communicating is your need"   http://globecom.net/
 -----=<->=-----=<\>=-----=<->=-----=<|>=-----=<->=-----=</>=-----=<->=-----
---------- Forwarded message ----------
Date: Sat, 19 Oct 1996 18:43:39 +0200
From: Jake the Prince <usa_at_win95.com>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ_at_netspace.org>
Subject: Urgent !! Serious Linux Security Bug....

Hi,
        Today we saw an email from Linus Torvalds advising of a problem
with Linux and ping.  Basically you can reboot a linux box remotely if
some scenarios are right.  From what we can tell and this has all been
verified is: If anyone in the world with a Windows 95 machine can ping
your Linux box they can potentially reboot that machine.. Hence a serious
denial of service OR loss of data.
Scenario:
Win95 user types 'ping -l 65510 host.running.linux'.
Result:
That machine reboots OR freezes.
On the Linux machine, you need to be running kernel version 2.0.7 (It's
the lowest we run) up to version 2.0.20 (The highest we're running).
With ping you can use value 65508-65527.
We have extensively tested both of these.
I'm sure there are thousands of Linux systems that could be affected.
There IS a BETA patch out and it DOES work.. If you don't have that
patch code as of yet, it's attached.
Cyaz
Jake The Prince
PS..... Thanks to whoever found this serious bug...
-
       /-----------------------------------------------------------\
       | I have just one     \|/ ____ \|/                          |
       | thing to say...     ~_at_-/ oO \-_at_~  Neener, neener, neener. |
       |                     /_( \__/ )_\                          |
       |                        \__U_/                             |
       |                                                           |
       |      -*- Opp -*- (usa_at_win95.com) -*- USA_Direkt -*-       |
       \-----------------------------------------------------------/
Received on Tue Oct 29 1996 - 17:56:11 NZDT
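
Added example, not part of the archived thread and not the Linux patch it mentions: the reassembly-time bounds check a receiver can apply to each IPv4 fragment, run over constructed headers for the ping sizes quoted above. A 65508-byte echo payload plus the 8-byte ICMP header and a 20-byte IP header is 65536 bytes, one more than the 16-bit total-length field allows. The function names, the option-free 20-byte header and the 1480-byte fragment size are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define IP_MAX_DATAGRAM 65535u /* largest value of the 16-bit total-length field */

/* Reassembly-time check: 1 if this IPv4 fragment would extend the datagram
 * past 65535 bytes, 0 if it fits, -1 if the header is truncated or malformed. */
int frag_overflows(const uint8_t *pkt, size_t len)
{
    if (pkt == NULL || len < 20 || (pkt[0] >> 4) != 4)
        return -1;
    uint32_t ihl = (uint32_t)(pkt[0] & 0x0f) * 4;      /* header bytes */
    uint32_t tot = ((uint32_t)pkt[2] << 8) | pkt[3];   /* this fragment's length */
    if (ihl < 20 || ihl > len || tot < ihl)
        return -1;
    /* Fragment offset: low 13 bits, counted in 8-byte units. */
    uint32_t off = ((((uint32_t)pkt[6] << 8) | pkt[7]) & 0x1fffu) * 8;
    return (ihl + off + (tot - ihl) > IP_MAX_DATAGRAM) ? 1 : 0;
}

/* Constructed sample: header of the last fragment of an ICMP echo request
 * carrying data_len data bytes, assuming 1480-byte fragments (1500 MTU). */
int echo_last_frag_overflows(uint32_t data_len)
{
    uint32_t msg = 8 + data_len;                /* ICMP header + data */
    uint32_t off = ((msg - 1) / 1480) * 1480;   /* offset of the last fragment */
    uint32_t tot = 20 + (msg - off);            /* IP header + remaining bytes */
    uint8_t h[20] = {0};
    h[0] = 0x45;                                /* IPv4, IHL = 5 words */
    h[2] = (uint8_t)(tot >> 8);
    h[3] = (uint8_t)tot;
    h[6] = (uint8_t)((off / 8) >> 8);           /* flags clear: last fragment */
    h[7] = (uint8_t)(off / 8);
    h[9] = 1;                                   /* protocol: ICMP */
    return frag_overflows(h, sizeof h);
}

int main(void)
{
    const uint32_t sizes[] = {56, 65507, 65508, 65510, 65527};
    for (size_t i = 0; i < sizeof sizes / sizeof sizes[0]; i++)
        printf("data=%u overflow=%d\n", (unsigned)sizes[i],
               echo_last_frag_overflows(sizes[i]));
    return 0;
}
```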
