Bugtraq mailing list archives

DoS: ANS Interlock Firewall


From: lurker () CC GATECH EDU (Chris A. Henesy)
Date: Thu, 9 Jul 1998 15:51:14 -0400


        This may be repeated information but a quick search of the
archives didn't turn anything up, so here goes...

        There is a problem in the TCP/IP stack of ANS's Interlock Internet
Firewall product.  Sending the correct series of packet fragments will
cause the machine to reboot.  Below is part of a problem description
provided by ANS.  A patch is available.

The 1st fragment contains all (or most) of the packet's payload and it
incorrectly indicates that no other fragments are coming (the IP
more fragment field is not set).  The next fragment is sent with a
zero length and uses the same packet identifier (indicating it's
another part of the earlier packet).  This packet also does not
indicate that more fragments are coming.  The result is a zero length
fragment arrives at the InterLock and gets processed by the Solaris
fragment handling code.  Unfortunately, the Solaris fragment timeout
handling code (which gets involved 60 seconds later) doesn't properly
handle the zero length fragment and it panics the box during cleanup.

        -The Lurker
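
For detection, the fragment pattern in the ANS description can be matched on IPv4 header fields alone. The following is an added example, not part of the original post and not ANS or Solaris code; the function names, the sample headers and the choice to key on (source, destination, protocol, identification) as RFC 791 reassembly does are assumptions of this sketch.

```python
import struct
from collections import namedtuple

Frag = namedtuple("Frag", "src dst proto ident offset more payload_len")

def parse_ipv4(header):
    """Parse the fields of an IPv4 header (RFC 791) that reassembly uses."""
    if len(header) < 20 or header[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    ihl = (header[0] & 0x0F) * 4
    total_len, ident, flags_off = struct.unpack("!HHH", header[2:8])
    if ihl < 20 or total_len < ihl:
        raise ValueError("inconsistent header lengths")
    return Frag(header[12:16], header[16:20], header[9], ident,
                (flags_off & 0x1FFF) * 8, bool(flags_off & 0x2000),
                total_len - ihl)

def find_suspect_fragments(headers):
    """Indices of zero-length packets with MF clear that reuse the
    (src, dst, proto, id) of an earlier packet that also had MF clear."""
    seen_final, hits = set(), []
    for i, raw in enumerate(headers):
        f = parse_ipv4(raw)
        if f.more:
            continue  # ordinary non-final fragment, not part of the pattern
        key = (f.src, f.dst, f.proto, f.ident)
        if f.payload_len == 0 and key in seen_final:
            hits.append(i)
        seen_final.add(key)
    return hits

def sample_header(ident, payload_len, offset=0, more=False):
    """Constructed 20-byte header for the demo (checksum left at 0,
    documentation addresses 192.0.2.1 -> 192.0.2.2, protocol UDP)."""
    flags_off = (0x2000 if more else 0) | (offset // 8)
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, ident,
                       flags_off, 64, 17, 0, bytes([192, 0, 2, 1]),
                       bytes([192, 0, 2, 2]))

# Constructed sample traffic (headers only, no payload bytes).
SAMPLE = [
    sample_header(0x1234, 512),                 # payload, MF clear
    sample_header(0x1234, 0),                   # zero length, same id, MF clear
    sample_header(0x2000, 104, more=True),      # normal first fragment
    sample_header(0x2000, 40, offset=104),      # normal last fragment
    sample_header(0x3000, 0),                   # lone empty datagram, new id
]

if __name__ == "__main__":
    print(find_suspect_fragments(SAMPLE))
```

A long-running sensor would also need to age entries out of `seen_final`, since IP identification values are reused over time.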


