• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Multiple Vendor TCP/IP Implementations Vulnerability

On December 21/1998 the CERT Coordination Center released an advisory to announce a denial of service attack which affected some operating systems which relied on BSD derived TCP/IP stacks. While the advisory itself was remarkably vague inspection of the patches issued by the FreeBSD team seem to indicate the vulnerability was related to short packets with certian IP options set. The end result of such an attack resulted in the target box seizing up and ceasing active operation or in other instances a kernel panic and resulting reboot.