IP Packet Receiving Buffer Overflow Error

Vulnerability Description

Brief Description: A very large ICMP ECHO packet crashes systems that cannot handle it.

Detailed Description: Few implementations of TCP/IP can handle packets of maximum legal size (65,565 bytes). In particular, sending an ICMP ECHO packet of this size overflows internal buffers on many systems and causes them to lock up or crash.

Component(s): kernel TCP/IP implementation

Version(s): varies

Operating System(s): Microsoft Windows NT 4.0 (unverified); SunOS 4.x (unverified); BSD derivatives (unverified)

Other Information: The system being attacked must be reachable using TCP/IP.

Effects:The system hangs or crashes.

Detecting the Vulnerability:

* Create an ICMP ECHO packet with a data segment big enough to make the packet 65,535 bytes long, and send it to your system.

Fixing the Vulnerability:

* You need to patch the kernel. Contact your vendor asking for the right patch.

Cataloguing

Keywords:ping ICMP ECHO IP packet size buffer overflow

Exploiting

Attack Methods or Tools: Not provided.

Related Information

Advisories and Other Alerts: CIAC Advisory I-36, "FreeBSD Denial-of-Service LAND Attacks" (3/16/98) (http:// ciac.llnl.gov/ciac/bulletins/i-036.shtml) CERT Advisory CA-97.28, "IP Denial-of-Service Attacks" (12/16/97) (http:// cert.org/cert/advisories/CA-97.28.html)

Related Vulnerabilities: none.

History

First Report We Know Of: by unknown, date Bugtraq, in 1995

Revisions of Database Record

1. Matt Bishop(Aug. 28, 1998): Entered into DOVES