lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
From: rwm8 at CSE.MsState.EDU (Robert Wesley McGrew)
Subject: Cisco Bug 44020 - Final Thoughts

As far as your code is concerned any number that suits
(real_vuln_protocol)+256*n should crash the machine.  However, this is
meaningless, since, as you say, the IP header's protocol field is only 8
bits, so you can generate larger numbers all day, but only your
least-significant 8 bits are being sent.

I couldn't tell from your description if you really understood that
anything above 255 is just going to be specific to your program and not
indicating any more exploitable protocols, so apologies if I'm stating the
obvious.  I just don't see how this supports your conclusion that there
are more protocols that cause failure.

Wesley

On Wed, 23 Jul 2003 bill.noren@...tec.com wrote:

> witnessed failures on the following port numbers: 53, 55, 77, 103, 309 and
> 823.  I did NOT get a failure on protocol 46 as someone else here suggested
> (do you have details on that?).  Note that if you only count the right most
> 8 bits of 309 and 823, they are the same as 53 and 55 respectively so
> there's probably a couple more numbers that also cause the failure.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ