Bugtraq mailing list archives
Net/OpenBSD local reboot
From: fc () PARKONE CI OAKLAND CA US (Ficus carica)
Date: Wed, 30 Jul 1997 06:53:46 -0700
I have limited resources to play around with, but on my OpenBSD.current PPP system, one of:

    ping -s2955 1.2.3.4
or
    ping -s1455 1.2.3.4

causes kernel panic.

It's my guess that this is due to a magic MTU of 1500 which the packet just barely exceeds, resulting in only three bytes of data (one octet) in the last frag. Here is a sample of what I believe is a "death fragment":

    4500 0017 027A 0172 FF01 A7E6 0102 0304 0506 0708 FFFF FF

    ping -s32739 127.0.0.1

should reproduce the problem, but the local loopback seems to assiduously avoid creating this "death fragment". Possibly by playing with its MTU??

Thankfully this bug does NOT appear to be remotely exploitable. My kernel happily accepts and replies to packets it dies trying to originate itself.

I have second hand confirmation that this problem exists under netbsd as well, and that freebsd may be immune. Any confirmation either way would be welcomed.

The openbsd people are aware of the problem, and irc notwithstanding, are working on it. :)

Fix:
1: chmod a-s /usr/sbin/traceroute /sbin/ping
2: avoid goofing around with home made packet fraggers
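Added example, not part of the original post: a decoder for the sample bytes quoted above, read as an IPv4 header plus payload, together with a calculation of where an MTU of 1500 splits the `ping -s2955` datagram. The function names are hypothetical, and a 20-byte IP header and 8-byte ICMP echo header are assumed.

```python
import struct

# Bytes quoted in the post: a 20-byte IPv4 header followed by its payload.
SAMPLE_HEX = "4500 0017 027A 0172 FF01 A7E6 0102 0304 0506 0708 FFFF FF"

def checksum_ok(header: bytes) -> bool:
    """A valid IPv4 header sums (one's complement, 16-bit words) to 0xFFFF."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total == 0xFFFF

def parse_ipv4(raw: bytes) -> dict:
    """Decode the header fields that matter for fragmentation."""
    if len(raw) < 20:
        raise ValueError("shorter than a minimal IPv4 header")
    (vihl, _tos, total_len, ident, frag, ttl, proto, _csum,
     src, dst) = struct.unpack("!BBHHHBBH4s4s", raw[:20])
    ihl = (vihl & 0x0F) * 4
    if vihl >> 4 != 4 or ihl < 20 or not ihl <= total_len <= len(raw):
        raise ValueError("malformed IPv4 header")
    return {
        "id": ident, "ttl": ttl, "protocol": proto,
        "src": ".".join(map(str, src)), "dst": ".".join(map(str, dst)),
        "more_fragments": bool(frag & 0x2000),
        "offset": (frag & 0x1FFF) * 8,        # field counts 8-byte units
        "payload_len": total_len - ihl,
        "checksum_ok": checksum_ok(raw[:ihl]),
    }

def fragment_layout(icmp_data_len: int, mtu: int, ihl: int = 20) -> list:
    """(offset, length) of each fragment of an echo request sent by `ping -s`."""
    payload = icmp_data_len + 8               # assumed 8-byte ICMP echo header
    chunk = (mtu - ihl) // 8 * 8              # non-final fragments are 8-byte multiples
    layout, off = [], 0
    while off < payload:
        size = min(chunk, payload - off)
        layout.append((off, size))
        off += size
    return layout

if __name__ == "__main__":
    print(parse_ipv4(bytes.fromhex(SAMPLE_HEX)))
    print(fragment_layout(2955, 1500))
```

The decoded sample is a final fragment (more-fragments flag clear) at byte offset 2960 carrying 3 bytes, which is the same position and size as the last fragment computed for `-s2955` at an MTU of 1500.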