29th Dec 1998 [SBWID-216]
COMMAND
	    TCP/IP
SYSTEMS AFFECTED
	    BSDi 3.1, FreeBSD prior to 2.2.8 and FreeBSD 3.0, OpenBSD 2.3, 2.4
PROBLEM
	    The following is based on CERT Advisory CA-98-13.  Some systems
	    with BSD-derived TCP/IP stacks are vulnerable: intruders can
	    disrupt service or crash them.  No special access is required,
	    and intruders can use source-address spoofing to conceal their
	    true location.
	    By  carefully  constructing  a  sequence  of  packets with certain
	    characteristics,  an  intruder  can  cause  vulnerable  systems to
	    crash,  hang,  or  behave  in  unpredictable  ways.  Specifically,
	    intruders  can   use  this   vulnerability  in   conjunction  with
	    IP-source-address spoofing to make  it difficult or impossible  to
	    know  their  location.   They  can  also  use the vulnerability in
	    conjunction with  broadcast packets  to affect  a large  number of
	    vulnerable machines with  a small number  of packets.   Any remote
	    user can crash or hang  a vulnerable machine, or cause  the system
	    to behave in unpredictable ways.  The vulnerability was originally
	    discovered by Joel Boutros.
SOLUTION
	    You  can  configure  your  router  or  firewall  to  help  prevent
	    source-address spoofing.  A  detailed description of this  type of
	    filtering is available in RFC 2267.
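	    A minimal sketch of the RFC 2267-style ingress check mentioned
	    above, added here as an illustration and not taken from the CERT
	    advisory or any vendor patch.  The type and function names, the
	    customer prefix 192.0.2.0/24 and the sample headers are all
	    constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* A prefix assigned to the downstream network (host byte order). */
struct prefix { uint32_t net; uint8_t bits; };   /* bits assumed <= 32 */
enum verdict { FORWARD, DROP_MALFORMED, DROP_SPOOFED };

/* Constructed sample headers: documentation addresses, checksum left zero. */
static const uint8_t pkt_ok[20]    = {0x45,0,0,20, 0,0,0,0, 64,6,0,0, 192,0,2,10,  198,51,100,1};
static const uint8_t pkt_spoof[20] = {0x45,0,0,20, 0,0,0,0, 64,6,0,0, 203,0,113,7, 198,51,100,1};
static const uint8_t pkt_short[20] = {0x46,0,0,24, 0,0,0,0, 64,6,0,0, 192,0,2,10,  198,51,100,1};
static const struct prefix customer[] = { { 0xC0000200u, 24 } };  /* 192.0.2.0/24 */

static uint32_t be32(const uint8_t *p)   /* 32-bit big-endian read from the wire */
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Ingress check for a packet arriving on a customer-facing interface:
 * forward only if the IPv4 header is well formed and the source address
 * lies inside one of the prefixes assigned to that interface. */
enum verdict ingress_check(const uint8_t *pkt, size_t len,
                           const struct prefix *allowed, size_t n)
{
    if (len < 20 || (pkt[0] >> 4) != 4)
        return DROP_MALFORMED;
    size_t hlen = (size_t)(pkt[0] & 0x0f) * 4;   /* header length incl. options */
    if (hlen < 20 || hlen > len)                 /* IHL claims more than we hold */
        return DROP_MALFORMED;

    uint32_t src = be32(pkt + 12);
    for (size_t i = 0; i < n; i++) {
        uint32_t mask = allowed[i].bits ? ~(uint32_t)0 << (32 - allowed[i].bits) : 0;
        if ((src & mask) == (allowed[i].net & mask))
            return FORWARD;
    }
    return DROP_SPOOFED;                         /* source not ours: filter it */
}

int main(void)
{
    printf("%d %d %d\n", ingress_check(pkt_ok, sizeof pkt_ok, customer, 1),
           ingress_check(pkt_spoof, sizeof pkt_spoof, customer, 1),
           ingress_check(pkt_short, sizeof pkt_short, customer, 1));
    return 0;
}
```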
	    Berkeley Software Design, Inc. (BSDI)
	    =====================================
	    BSDI's current release BSD/OS 4.0 is not vulnerable to this
	    problem.  BSD/OS 3.1 is vulnerable and a patch (M310-049) is
	    available from:
	
	        http://www.bsdi.com/support/patches
	        ftp://ftp.bsdi.com/bsdi/patches/patches-3.1.
	
	    FreeBSD, Inc.
	    =============
	    FreeBSD versions prior  to 2.2.8 are  vulnerable.  FreeBSD  3.0 is
	    also  vulnerable.   FreeBSD  3.0-current  as  of 1998/11/12 is not
	    vulnerable.  A patch is available at:
	
	        ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/CA-98-13/patch
	
	    The  CERT  advisory  doesn't  go  into  any detail about the exact
	    nature of the packets that trigger  the problem.   A cursory  look
	    at  the  patch  suggests  that  the  problem  has to do with short
	    packets with certain  options set.   Here's the patch  for FreeBSD
	    3.0 and 2.2.x:
	
	    RCS file: /home/cvsup/freebsd/CVS/src/sys/netinet/ip_input.c,v
	    retrieving revision 1.104
	    retrieving revision 1.105
	    diff -u -r1.104 -r1.105
	    --- ip_input.c  1998/10/27 09:19:03     1.104
	    +++ ip_input.c  1998/11/11 21:17:59     1.105
	    @@ -513,7 +513,7 @@
	             */
	            if (ip->ip_off & (IP_MF | IP_OFFMASK | IP_RF)) {
	                    if (m->m_flags & M_EXT) {               /* XXX */
	    -                       if ((m = m_pullup(m, sizeof (struct ip))) == 0) {
	    +                       if ((m = m_pullup(m, hlen)) == 0) {
	                                    ipstat.ips_toosmall++;
	     #ifdef IPDIVERT
	                                    frag_divert_port = 0;
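	    Review bot: in the M_EXT branch, m_pullup(m, hlen) is only as safe
	    as hlen itself, and nothing in this hunk shows hlen being checked
	    against sizeof (struct ip) or against the packet length before it
	    is used here.  Please confirm that check happens before line 513,
	    and replace the bare /* XXX */ with a comment saying that the whole
	    header, options included, has to be contiguous in the first mbuf
	    before the fragment is handled, so a later reader does not revert
	    to the fixed-size pullup.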
	
	    OpenBSD
	    =======
	    Security fixes for this problem are now available for 2.3 and 2.4:
	
	        http://www.openbsd.org/errata23.html#tcpfix
	        http://www.openbsd.org/errata.html#tcpfix
	
	
