Bugtraq mailing list archives
Re: new TCP/IP bug in win95
From: aleph1 () DFW NET (Aleph One)
Date: Thu, 20 Nov 1997 09:48:02 -0600
Lots of mail this morning concerning this issue. I'll summarize. Window for Workgroups 3.11 IS vulnerable. Windows 95 without Winsock2 and the VIP update IS vulnerable. Windows 95 with Winwosk 2 and the VIP update is NOT vulnerable. NT 4.0 with no Service Packs and Hot-Fixes IS vulnerable. NT 4.0 with Service Pack 3 goes to 100% CPU for about a minute and then goes back to normal. NT 4.0 with Service Pack 3 with all the hot-fixes (simpletcp+icmp) is NOT vulnerable. NeXTSTEP 3.0 IS reported as vulnerable. FreeBSD 2.2.5 IS reported as vulnerable. Linux 2.0.32 is NOT vulnerable. If any of you find that this information is incorrect please let me know. In particular I would like people to double check FreeBSD, and test NetBSD, BSDI, and OpenBSDI. Also, please, when you are reporting an affected OS include that exact version, patch level, serive packs, and hot-fixes installed. It is of no use is you simple state "it crashed NT". As John W. Temples <john () kuwait net> pointed out this attack is rendered ineffective by filtering packets from the Internet through your gateway router which have source addresses on the network. Aleph One / aleph1 () dfw net http://underground.org/ KeyID 1024/948FD6B5 Fingerprint EE C9 E8 AA CB AF 09 61 8C 39 EA 47 A8 6A B8 01
Current thread:
- Re: new TCP/IP bug in win95 Aleph One (Nov 20)
- <Possible follow-ups>
- new TCP/IP bug in win95 m3lt (Nov 20)