Multiple Vendor Teardrop Denial of Service Vulnerability

The Teardrop denial of service attack exploits a flaw inherent to multiple vendor TCP/IP stacks. This problem is related to how the TCP/IP stack handle reassembly of fragmented IP packets.

This attack can be delivered by sending 2 or more specially fragmented IP datagrams. The first is the 0 offset fragment with a payload of size N, with the MF bit on (data content is irrelevant). The second is the last fragment (MF == 0) with a positive offset < N and with a payload of < N.

This results in the TCP/IP stack allocating unusually large resources to reassembling the packet(s). Depending on the memory deployed on the target box this usually results in the system freezing due to insufficient memory or in some case causing the machine to reboot.


Privacy Statement
Copyright 2010, SecurityFocus