Re: new TCP/IP bug in win95

[aleph1 () DFW NET (Aleph One)]

Lots of mail this morning concerning this issue. I'll summarize.

Window for Workgroups 3.11 IS vulnerable.
Windows 95 without Winsock2 and the VIP update IS vulnerable.
Windows 95 with Winwosk 2 and the VIP update is NOT vulnerable.
NT 4.0 with no Service Packs and Hot-Fixes IS vulnerable.
NT 4.0 with Service Pack 3 goes to 100% CPU for about a minute and then
goes back to normal.
NT 4.0 with Service Pack 3 with all the hot-fixes (simpletcp+icmp) is NOT
vulnerable.
NeXTSTEP 3.0 IS reported as vulnerable.
FreeBSD 2.2.5 IS reported as vulnerable.
Linux 2.0.32 is NOT vulnerable.

If any of you find that this information is incorrect please let me know.
In particular I would like people to double check FreeBSD, and test
NetBSD, BSDI, and OpenBSDI.

Also, please, when you are reporting an affected OS include that exact
version, patch level, serive packs, and hot-fixes installed. It is of no
use is you simple state "it crashed NT".

As John W. Temples <john () kuwait net> pointed out this attack is rendered
ineffective by filtering packets from the Internet through your gateway
router which have source addresses on the network.

Aleph One / aleph1 () dfw net
http://underground.org/
KeyID 1024/948FD6B5
Fingerprint EE C9 E8 AA CB AF 09 61  8C 39 EA 47 A8 6A B8 01