Great Circle Associates Firewalls
(October 1996)
 


Subject: RE: Linux Network stack exploit
From: "Paul D. Robertson" <proberts @ clark . net>
Date: Fri, 25 Oct 1996 12:37:42 -0400 (EDT)
To: "Hicks, Rick" <RHicks @ hussmann . com>
Cc: "'Firewalls List'" <firewalls @ GreatCircle . COM>
In-reply-to: <199610251258 . HAA24352 @ gate . hussmann . com>

On Fri, 25 Oct 1996, Hicks, Rick wrote:

> I hope you're not attempting to take a shot at the "roll-your-own" folks   
> (or Linux), as this problem affects more than just Linux.
> 

Since Alan had the fix out that day, and the binary vendors didn't,
it'd be hard to use this as a shot at Linux users.

You should see the pre-requisites required to fix AIX, hell of a lot
bigger patch than a few diff lines too.

> I have personally verified that it crashes Linux, AIX, and HP-UX (which,   
> for some reason, was left off the list of affected systems).  I can't   
> verify Digital Unix, but I'll take their word for it.  Solaris and IRIX   
> passed the test.
> 
> The bug can only be exploited from a system that runs the MS IP stack, as   
> its ping command does no size checking.  Any other ping, as far as I   
> know, will not allow you to specify the data size necessary to crash   
> these systems.

Or by a program building its own ICMP datagrams.

> 
> I hesitated to post this (I've known since Sunday) because of the   
> availability of patches for AIX and HP-UX.  Since it wasn't too secret   
> then, and certainly less so now, I guess it doesn't matter.

AIX patches are available for 4.1.4 and 3.2.5 from IBM.

> >[Patch also available from http://www.uk.linux.org/patches/]

This includes a bigger fix than the original, which also denies another
'big packet' problem.

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
proberts @ clark . net      which may have no basis whatsoever in fact."
                                                                     PSB#9280
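
An added example, not part of the original message and not the code of any patch mentioned in it: a receive-side bounds check of the kind that rejects the 'big packet' discussed above. It assumes, as background not stated in the thread, that an over-length datagram arrives as IPv4 fragments, so the test is whether a fragment's offset plus its Total Length passes the 65535-byte datagram limit. The function name, verdict names and sample headers are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define IP_MAX_DATAGRAM 65535u  /* largest value the 16-bit Total Length field can hold */

enum frag_verdict { FRAG_OK = 0, FRAG_MALFORMED = 1, FRAG_OVERSIZE = 2 };

/* Inspect one IPv4 header (network byte order) and decide whether the
 * fragment it describes would extend the reassembled datagram past 65535. */
enum frag_verdict check_ipv4_fragment(const uint8_t *hdr, size_t len)
{
    if (hdr == NULL || len < 20 || (hdr[0] >> 4) != 4)
        return FRAG_MALFORMED;

    uint32_t ihl       = (uint32_t)(hdr[0] & 0x0f) * 4;                   /* header bytes */
    uint32_t total_len = ((uint32_t)hdr[2] << 8) | hdr[3];                /* header + payload */
    uint32_t frag_off  = ((((uint32_t)hdr[6] & 0x1f) << 8) | hdr[7]) * 8; /* offset in bytes */

    if (ihl < 20 || ihl > len || total_len < ihl)
        return FRAG_MALFORMED;

    /* The offset field alone can reach 65528, so offset + length can exceed
     * what a reassembly buffer sized for a legal datagram can hold. */
    if (frag_off + total_len > IP_MAX_DATAGRAM)
        return FRAG_OVERSIZE;
    return FRAG_OK;
}

/* Constructed sample headers (ICMP, 192.0.2.1 -> 192.0.2.2, checksum left zero). */
static const uint8_t SAMPLE_FIRST[20] = {   /* first fragment: offset 0, 1500 bytes */
    0x45,0x00,0x05,0xDC,0x12,0x34,0x20,0x00,0x40,0x01,0x00,0x00,192,0,2,1,192,0,2,2 };
static const uint8_t SAMPLE_EDGE[20] = {    /* offset 65000 + 535 bytes = 65535 exactly */
    0x45,0x00,0x02,0x17,0x12,0x34,0x1F,0xBD,0x40,0x01,0x00,0x00,192,0,2,1,192,0,2,2 };
static const uint8_t SAMPLE_OVERSIZE[20] = {/* offset 65120 + 1500 bytes = 66620 */
    0x45,0x00,0x05,0xDC,0x12,0x34,0x1F,0xCC,0x40,0x01,0x00,0x00,192,0,2,1,192,0,2,2 };

int main(void)
{
    printf("first=%d edge=%d oversize=%d truncated=%d\n",
           check_ipv4_fragment(SAMPLE_FIRST, sizeof SAMPLE_FIRST),
           check_ipv4_fragment(SAMPLE_EDGE, sizeof SAMPLE_EDGE),
           check_ipv4_fragment(SAMPLE_OVERSIZE, sizeof SAMPLE_OVERSIZE),
           check_ipv4_fragment(SAMPLE_FIRST, 10));
    return 0;
}
```

The same comparison can be expressed as a filter or IDS rule on any device that sees fragments before the end host reassembles them.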


