On Friday 10 January 2003 18:02, Ofir Arkin wrote:
> Who is vulnerable?
> ------------------
> Josh Anderson and I tested several Ethernet cards and device drivers.
>
> We have found several device drivers which are vulnerable but we never
> attempted to find them all. It is simply because there are too many.
> Therefore we have contacted CERT more than 6 months ago and sent them
> the Etherleak paper and asked them to contact OS manufactures, Network
> device manufactures, Chipset manufactures, motherboard manufactures and
> other manufactures and vendors who might need to check their device
> driver's implementations.
>
> In our tests we have experienced this bug under 4 different operating
> systems:
>
> - Linux
> - NetBSD
> - FreeBSD
> - Microsoft Windows
>
I audited our system running under various operating systems.
The following OS do _not_ pad the packets with zero but something else, if
anybody is interested in the dumps of the frames produced while testing, feel
free to contact me.
Machine OS Version
IBM iSeries OS/400
IBM RS/6000 AIX 4.3
Sun E450 Solaris 8
HP Printers JetDirect Various
Identification of the vunerability was done by "ping -s1 <host>" and analysing
the resulting answers using ethereal, looking if the ethernet trailer was
different from all zero.
Greetings
Peter Turczak
- --
WIWA Gmbh&Co KG
Networking Dept.
Gewerbestr. 1-3
D-35633 Lahnau
GERMANY
Hash: SHA1
On Friday 10 January 2003 18:02, Ofir Arkin wrote:
> Who is vulnerable?
> ------------------
> Josh Anderson and I tested several Ethernet cards and device drivers.
>
> We have found several device drivers which are vulnerable but we never
> attempted to find them all. It is simply because there are too many.
> Therefore we have contacted CERT more than 6 months ago and sent them
> the Etherleak paper and asked them to contact OS manufactures, Network
> device manufactures, Chipset manufactures, motherboard manufactures and
> other manufactures and vendors who might need to check their device
> driver's implementations.
>
> In our tests we have experienced this bug under 4 different operating
> systems:
>
> - Linux
> - NetBSD
> - FreeBSD
> - Microsoft Windows
>
I audited our system running under various operating systems.
The following OS do _not_ pad the packets with zero but something else, if
anybody is interested in the dumps of the frames produced while testing, feel
free to contact me.
Machine OS Version
IBM iSeries OS/400
IBM RS/6000 AIX 4.3
Sun E450 Solaris 8
HP Printers JetDirect Various
Identification of the vunerability was done by "ping -s1 <host>" and analysing
the resulting answers using ethereal, looking if the ethernet trailer was
different from all zero.
Greetings
Peter Turczak
- --
WIWA Gmbh&Co KG
Networking Dept.
Gewerbestr. 1-3
D-35633 Lahnau
GERMANY
Voice: ++49-6441-609-12
FAX: ++49-6441-609-50
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iD8DBQE+H1ZDEOIt4Nhv5cwRAuU8AJ0a0BpdY2rq90RKk0nlx5KiNPZrqQCaAmPY
G7CtTaw8qKWLvLvRTlOM+28=
=r8NM
-----END PGP SIGNATURE-----
[ reply ]