[RC5] My impatient cohorts
j-zbiciak1 at ti.com
Sun Mar 15 23:39:13 EST 1998
'Roy Wilson' said previously:
| That isn't scuttlebutt - it's a serious security hole. 13-15 place
| "names" of bogus websites will cause the condition.
I didn't mean to make it sound like it should be ignored. Given that
Winsock 2.0 is in Win98, and that Microsoft is really pushing to get
that stable, I think a patch for this bug should be available pretty
soon. (Although I hear the bug isn't really directly in Winsock 2.0,
and that Win98 may not be vulnerable. I take such reports with a grain
of salt, pepper, and other choice spices. ;-)
The nice thing about this problem (relative to some of the other
BSOD-type bugs that come up in Windows, not that such problems are
'nice' in an absolute sense) is that this one still requires you to
"initiate" the bug -- either by visiting a webpage, or whatever -- and
the worst that happens is that the machine crashes. Other bugs either
lead to stack-overrun exploits, or in the case of teardrop/land/etc.
don't require the user to actually do anything other than hook their
computer up to a network.
What's scary about the buffer overrun bugs/exploits is that they can
operate *through* a firewall pretty effectively. A creative coder can
turn your web-proxy into a general purpose access port to your private
The most the hostname-length bug can do is crash your machine. And if
you happen to hit a web-page with malicious HTML which causes this to
happen, you can avoid visiting that page again. In the case of an
overrun exploit, visiting a malicious page once may be enough to infect
your machine with whatever code the page's author decided to sick on you.
In the case of a "teardrop" style attack, the only thing you can do is
reboot and hope you're not attacked again.
Of course, I don't worry too much about the whole situation. Like I
said before, I haven't booted Win95 in months on the machines I use
PS. For those of you who are wondering, this information comes from the
Bugtraq/NTBugtraq mailing lists. To a web-search on either name if
you're interested in keeping your machines secure, regardless of its OS.
+----------- Joseph Zbiciak ----------+
| - - - - j-zbiciak1 at ti.com - - - - | Ignorance is the
|- http://www.primenet.com/~im14u2c/ -| Mother of Devotion.
| - - -Texas Instruments, Dallas- - - | -- Robert Burton
To unsubscribe, send 'unsubscribe rc5' to majordomo at lists.distributed.net
rc5-digest subscribers replace rc5 with rc5-digest
More information about the rc5