Re: unused bit attack alert

From: Vern Paxson (vernat_private)
Date: Mon Feb 21 2000 - 14:36:17 PST


    > LigerTeam strongly proposes inserting the
    > solution code before the computing of the flag
    > variable.
    >
    >   flag = flags & 0x3f;
    
    The more robust fix is to systematically test for TCP flags by masking
    to the value being tested.  For example:
    
    	#define TEST_FLAGS(flags, mask) (((flags) & (mask)) == (mask))
    
    Otherwise you are still vulnerable to attackers setting legitimate flags
    in bogus combinations, such as adding URG to a SYN.
    
    		Vern
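
Added example, not part of the original message: a comparison of three ways a detector might recognise a SYN, run over constructed flag bytes. It assumes the detector compares the flags byte for equality; the function names `is_syn_raw`, `is_syn_stripped`, `is_syn_masked` and `count_hits` are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* The six TCP flag bits; the top two bits of the byte are the unused ones. */
#define TH_FIN  0x01
#define TH_SYN  0x02
#define TH_RST  0x04
#define TH_PUSH 0x08
#define TH_ACK  0x10
#define TH_URG  0x20

/* The macro from the message: true when every bit in mask is set. */
#define TEST_FLAGS(flags, mask) (((flags) & (mask)) == (mask))

/* Assumed original check: equality on the raw byte. */
int is_syn_raw(uint8_t flags) { return flags == TH_SYN; }

/* Quoted proposal: drop the unused bits, then compare for equality. */
int is_syn_stripped(uint8_t flags) { uint8_t flag = flags & 0x3f; return flag == TH_SYN; }

/* Mask to the value being tested, ignoring every other bit. */
int is_syn_masked(uint8_t flags) { return TEST_FLAGS(flags, TH_SYN); }

/* Constructed sample flag bytes, not captured traffic. */
static const struct { const char *name; uint8_t flags; } samples[] = {
    { "SYN",                 TH_SYN },
    { "SYN + unused bit",    TH_SYN | 0x40 },
    { "SYN + URG",           TH_SYN | TH_URG },
    { "SYN + URG + unused",  TH_SYN | TH_URG | 0xC0 },
    { "ACK only",            TH_ACK },
};
#define NSAMPLES (sizeof samples / sizeof samples[0])

/* Number of samples a given check classifies as a SYN. */
int count_hits(int (*check)(uint8_t)) {
    int hits = 0;
    for (size_t i = 0; i < NSAMPLES; i++)
        hits += check(samples[i].flags) ? 1 : 0;
    return hits;
}

int main(void) {
    for (size_t i = 0; i < NSAMPLES; i++)
        printf("%-20s 0x%02x raw=%d stripped=%d masked=%d\n", samples[i].name,
               samples[i].flags, is_syn_raw(samples[i].flags),
               is_syn_stripped(samples[i].flags), is_syn_masked(samples[i].flags));
    return 0;
}
```
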
    


