[UPDATE] On WinSock 2.2 Woes

From: Raj Singh (rajat_private)
Date: Fri May 01 1998 - 23:11:28 PDT

Next message: Michal Zalewski: "Lynx's 2.8 buffer overflow"

Previous message: Brian S. McWilliams: "Re: Winsock 2.0 DoS"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi,

I was also one of the people who reported the WinSock 2.2 problems in late
March, 1998 to the BugTraq list as well as to Microsoft. I received the
following update reply from Microsoft about 10-12 days back. I am sorry
not to have immediately forwarded this to the BugTraq list. The recent
message on this jogged my memory.

-- Raj

---------- Forwarded message ----------

From: Rick Plant <rplantat_private>

A new version of the update has been posted which addresses this issue. You
can download it and install overtop the original update. It's available from
http://www.microsoft.com/windows95/info/ws2.htm

Thank you for your patience.

Rick Plant
Microsoft


From:   Raj Singh[SMTP:RAJat_private]
Sent:   Friday, April 03, 1998 5:30:42 AM
To:     Microsoft Product Security Issues
Subject:        Re: WinSock 2.2 Woes
Auto forwarded by a Rule

Hi,

I have received no reply to the enclosed email as yet. Has this problem in
WinSock 2.2 resolved ?

-- Raj

---------- Forwarded message ----------
Date: Tue, 17 Mar 1998 11:01:06 +0530 (IST)

Hi,

I too reproduced the errors in Netscape3.01, IE and WS_FTP32 when the
ws2setup.exe patch from Microsoft was applied to a Win95 system (which
originally had WinSock 1.1).

The addresses that gave the errors were :

www.raen.com.br (reported earlier)
www.ceeri-p.net (non-existent address, crashes the application)
ftp.ceeri-p.net (non-existent address, crashes the application)

Note that all the above are 15 characters in total including the dots.

Once these kind of addresses are given and the application (netscape, ie,A
ws_ftp) has crashed, any other address (of any number of characters) also
crashes the application !!

Some times, the system also crashes and hangs. Hard reboot is the only
solution to resolving the above problems.

It is surprising that the patch has been out since January, 1998 and this
has not been taken care of as yet. The patch solves one problem (works
against teardrop, land, boink attacks ?) but creates other problems for
programs that use WinSock.

-- Raj

Next message: Michal Zalewski: "Lynx's 2.8 buffer overflow"
Previous message: Brian S. McWilliams: "Re: Winsock 2.0 DoS"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:52:07 PDT