Full Disclosure mailing list archives
Re: Cisco Bug 44020 - Final Thoughts
From: Robert Wesley McGrew <rwm8 () CSE MsState EDU>
Date: Wed, 23 Jul 2003 15:05:58 -0500 (CDT)
As far as your code is concerned, any number that suits (real_vuln_protocol)+256*n should crash the machine. However, this is meaningless, since, as you say, the IP header's protocol field is only 8 bits, so you can generate larger numbers all day, but only your least-significant 8 bits are being sent. I couldn't tell from your description if you really understood that anything above 255 is just going to be specific to your program and not indicating any more exploitable protocols, so apologies if I'm stating the obvious. I just don't see how this supports your conclusion that there are more protocols that cause failure.

Wesley

On Wed, 23 Jul 2003 bill.noren () paetec com wrote:

> witnessed failures on the following port numbers: 53, 55, 77, 103, 309 and 823. I did NOT get a failure on protocol 46 as someone else here suggested (do you have details on that?). Note that if you only count the right most 8 bits of 309 and 823, they are the same as 53 and 55 respectively so there's probably a couple more numbers that also cause the failure.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
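The 8-bit truncation discussed in this message, as an added example that is not part of the original posts: it builds IPv4 headers in memory for each number quoted in the thread and reads back the byte that would actually be on the wire. The addresses, TTL and the masking step (modelling a test tool that silently truncates its argument) are assumptions made for the illustration.

```python
import struct
from collections import defaultdict

FMT = "!BBHHHBBH4s4s"  # 20-byte IPv4 header without options


def checksum(header: bytes) -> int:
    """RFC 791 header checksum: one's-complement sum of 16-bit words."""
    total = sum(struct.unpack("!10H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def ipv4_header(requested_proto: int) -> bytes:
    """Header as built by a tool that silently truncates the protocol
    argument (assumed behaviour of the test program)."""
    src = bytes([192, 0, 2, 1])  # constructed documentation addresses
    dst = bytes([192, 0, 2, 2])
    fields = [0x45, 0, 20, 0, 0, 64, requested_proto & 0xFF, 0, src, dst]
    fields[7] = checksum(struct.pack(FMT, *fields))
    return struct.pack(FMT, *fields)


def protocol_on_wire(header: bytes) -> int:
    """The protocol field is the single byte at offset 9."""
    return header[9]


def group_by_wire_value(reported):
    """Map each on-wire protocol value to the numbers that produced it."""
    groups = defaultdict(list)
    for n in reported:
        groups[protocol_on_wire(ipv4_header(n))].append(n)
    return dict(groups)


REPORTED = [53, 55, 77, 103, 309, 823]  # numbers quoted in the thread

if __name__ == "__main__":
    for wire, asked in sorted(group_by_wire_value(REPORTED).items()):
        print(f"on-wire protocol {wire}: requested as {asked}")
```

Six requested numbers collapse to four distinct on-wire values, and the headers for 53 and 309 are byte-for-byte identical.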