Bugtraq mailing list archives

Re: NetBSD Security Advisory 1999-010

From: okir () MONAD SWB DE (Olaf Kirch)
Date: Fri, 21 May 1999 16:59:21 +0200


Talking of ARP, at least Linux has the problem that it blindly accepts
whatever hardware address it finds in the ARP response -- be it the
MAC broadcast address, or a multicast one. Not sure wheter other
OSs are affected.

I didn't find anything dangerous you can do with this, unless there's
some really stupid IP stack that tries to forward IP packets that were
sent to the MAC broadcast--that would indeed be network meltdown. But
I haven't seen such a stack.

I reported this to Alan a week or two ago, so I would assume that
it has been fixed in the meanwhile :)

Olaf
--
Olaf Kirch         |  --- o --- Nous sommes du soleil we love when we play
okir () monad swb de  |    / | \   sol.dhoop.naytheet.ah kin.ir.samse.qurax

Current thread:

Secure Storage of Secrets in Windows Aleph One (May 17)
- <Possible follow-ups>
- Re: Secure Storage of Secrets in Windows Nick FitzGerald (May 18)
  - Re: Secure Storage of Secrets in Windows Bronek Kozicki (May 20)
- Re: Secure Storage of Secrets in Windows Olaf Titz (May 18)
  - Buffer Overruns in RAS allows execution of arbitary code as system Mnemonix (May 19)
  - Re: Secure Storage of Secrets in Windows Eivind Eklund (May 19)
  - NetBSD Security Advisory 1999-010 matthew green (May 21)
    - Re: NetBSD Security Advisory 1999-010 Olaf Kirch (May 21)