Bugtraq mailing list archives

Stream.c needs more clarification


From: vanja () RELAYGROUP COM (Vanja Hrustic)
Date: Tue, 25 Jan 2000 22:25:40 +0700


I'm really confused (as some other people I've talked to are), and I'd
be happy if someone can clarify a few things.

I have been told that I must be on 100Mbit LAN in order to 'exploit'
this vulnerability. The result is: slow response time from the victim
machine. In some cases (as I have been told), work on console (be it X,
or text mode) is slowed down, while in other cases the victim machine
can not do any work over the network (it can't be pinged, it can't ping
out, etc.). No crashes, no kernel panic.

Well, if I am sending 100-150,000 packets per second to some machine, I
wouldn't expect it to be reachable.

Anyway... take the old 'oshare.c' source and modify these 2 lines:

ip->ihl = rand() % 16;
ip->tot_len = rand() % 0xffff;

(this has been posted to Bugtraq in January '99, by "DEF CON ZERO WINDOW
<defcon0 () UGTOP COM>"; similar modifications have been made to 'oshare.c'
by some other people, around the same time, for testing of oshare & NT).

Now compile it, and run it on the local LAN against NT Server 4.0 (tested w/
SP6a) - you'll have an NT Server acting like a ZX81 (when it comes to the
'speed' of the NT Server - not the link). On a 10Mbit LAN. So, is this as
big a problem as 'stream.c' is?

I am not a network engineer, and I am really confused by this. A link is
just a 'pipe', and if you fill it, it's expected that you won't be able to
ping anything (try downloading a 500Mb file over a local LAN, no matter what
the speed of the LAN is, and with no bandwidth limitations either).

1. Does the 'stream.c' problem exist *only* on a 100Mbit LAN (as I've been
told by some people), or is it supposed to harm systems 'remotely' (over
the net, at speeds up to 2Mbit or so)?

2. Does it affect only FreeBSD or not?

3. Did anybody actually manage to do some harm using the exploits posted on
Bugtraq? [either slightly/heavily modified, or the 'default' version]

The answers to these questions will probably also help the moderator
of a certain NT-related mailing list, who says:

> Huge exploits, like stream.c or Trin00, go largely unreported by the
> mainstream media, whereas a story about some popular software not
> working securely on W2K could make it to CNN Headline News. Media
> scale has little to do with The Real World(TM). This may be

Although these examples of 'huge exploits' are silly, it's worth noting
that people do think that 'stream.c' is a huge one.

Is it?

Thanks.

--

Vanja Hrustic
SAFER Editor

SAFER - free monthly security newsletter
Subscriptions at http://safer.siamrelay.com
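Added example, not part of Vanja's post and not code from oshare.c or stream.c: the header sanity checks a receiving IPv4 stack has to perform (RFC 791: version 4, ihl >= 5, ihl*4 <= tot_len, tot_len <= bytes received) applied to headers carrying the random ihl/tot_len values that the two modified oshare lines produce. The frame size of 1500 bytes, the zero-filled addresses and payload, and the fixed rand() seed are assumptions for illustration. Enumerating all 16 x 65535 (ihl, tot_len) combinations against a 1500-byte frame shows that only 16071 (about 1.5%) are well-formed; the rest must be dropped at header validation, which is the receive path such a flood exercises. One caveat for anyone reproducing the test from a Linux sender: the raw(7) man page states that the kernel always fills in Total Length on IP_HDRINCL sockets, so the tot_len randomisation may not survive to the wire there; the post does not say which OS the sender ran.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define IPV4_MIN_HDR 20u
#define FRAME_MAX    1500u   /* assumed Ethernet MTU; the post gives no frame size */

/* Outcomes of the IPv4 header sanity check (RFC 791) a receiving stack
 * has to pass before it can find the transport header at offset ihl*4. */
enum ip_verdict {
    IP_OK = 0,
    IP_TOO_SHORT,           /* fewer than 20 bytes arrived */
    IP_BAD_VERSION,         /* version nibble is not 4 */
    IP_BAD_IHL,             /* ihl < 5: header shorter than its fixed part */
    IP_HDR_EXCEEDS_TOTAL,   /* ihl*4 > tot_len: options run past packet end */
    IP_TOTAL_EXCEEDS_FRAME  /* tot_len > bytes actually received */
};

static const char *verdict_name[] = {
    "ok", "too short", "bad version", "ihl < 5",
    "header longer than tot_len", "tot_len longer than frame"
};

/* Check the IPv4 header at the start of a received frame of frame_len bytes. */
enum ip_verdict ip_check(const uint8_t *frame, size_t frame_len)
{
    if (frame_len < IPV4_MIN_HDR)
        return IP_TOO_SHORT;

    unsigned version = frame[0] >> 4;
    unsigned ihl     = frame[0] & 0x0fu;                      /* 32-bit words */
    unsigned tot_len = ((unsigned)frame[2] << 8) | frame[3];  /* big-endian */

    if (version != 4)
        return IP_BAD_VERSION;
    if (ihl < 5)
        return IP_BAD_IHL;
    if (ihl * 4 > tot_len)
        return IP_HDR_EXCEEDS_TOTAL;
    if (tot_len > frame_len)
        return IP_TOTAL_EXCEEDS_FRAME;
    return IP_OK;
}

/* Write a version-4 header carrying the given ihl and tot_len into buf, the
 * two fields the modified oshare lines randomise. Addresses, checksum and
 * payload are left zero (assumption); they play no part in the length checks. */
void oshare_header(uint8_t *buf, size_t buf_len, unsigned ihl, unsigned tot_len)
{
    if (buf_len < IPV4_MIN_HDR)
        return;
    memset(buf, 0, buf_len);
    buf[0] = (uint8_t)(0x40u | (ihl & 0x0fu));
    buf[2] = (uint8_t)((tot_len >> 8) & 0xffu);
    buf[3] = (uint8_t)(tot_len & 0xffu);
}

/* Build a header with ihl/tot_len and check it as if frame_len bytes arrived. */
enum ip_verdict check_oshare(unsigned ihl, unsigned tot_len, size_t frame_len)
{
    uint8_t frame[FRAME_MAX];
    if (frame_len > FRAME_MAX)
        frame_len = FRAME_MAX;
    oshare_header(frame, sizeof frame, ihl, tot_len);
    return ip_check(frame, frame_len);
}

/* Enumerate every (ihl, tot_len) pair that rand() % 16 and rand() % 0xffff
 * can yield and count how many pass ip_check for a frame of frame_len bytes. */
unsigned long count_valid_oshare_headers(size_t frame_len)
{
    uint8_t frame[FRAME_MAX];
    unsigned long valid = 0;

    if (frame_len > FRAME_MAX)
        frame_len = FRAME_MAX;
    memset(frame, 0, sizeof frame);
    for (unsigned ihl = 0; ihl < 16; ihl++) {
        for (unsigned tot_len = 0; tot_len < 0xffffu; tot_len++) {
            frame[0] = (uint8_t)(0x40u | ihl);
            frame[2] = (uint8_t)(tot_len >> 8);
            frame[3] = (uint8_t)(tot_len & 0xffu);
            if (ip_check(frame, frame_len) == IP_OK)
                valid++;
        }
    }
    return valid;
}

/* Constructed frame whose first nibble claims version 6, to exercise that check. */
static const uint8_t constructed_v6_frame[IPV4_MIN_HDR] = { 0x65, 0, 0, 20 };

int main(void)
{
    srand(1);  /* fixed seed so the demo is reproducible */
    for (int i = 0; i < 8; i++) {
        unsigned ihl = (unsigned)rand() % 16, tot_len = (unsigned)rand() % 0xffffu;
        printf("ihl=%2u tot_len=%5u -> %s\n", ihl, tot_len,
               verdict_name[check_oshare(ihl, tot_len, FRAME_MAX)]);
    }
    unsigned long ok = count_valid_oshare_headers(FRAME_MAX);
    printf("%lu of %lu possible headers are well-formed for a %u-byte frame\n",
           ok, 16UL * 0xffffUL, FRAME_MAX);
    printf("version-6 frame -> %s\n",
           verdict_name[ip_check(constructed_v6_frame, sizeof constructed_v6_frame)]);
    return 0;
}
```

The point of the enumeration is that the randomised values rarely describe a consistent packet: an ihl below 5 makes the header shorter than its own fixed fields, and a tot_len larger than the frame points past the data that actually arrived, so a correct receiver rejects both before it ever looks at the transport header.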
