[RC5] My impatient cohorts

Joe Zbiciak j-zbiciak1 at ti.com
Sun Mar 15 23:39:13 EST 1998


'Roy Wilson' said previously:

| 	That isn't scuttlebutt - it's a serious security hole.  13-15 place
| "names" of bogus websites will cause the condition.

I didn't mean to make it sound like it should be ignored.  Given that
Winsock 2.0 is in Win98, and that Microsoft is really pushing to get
that stable, I think a patch for this bug should be available pretty
soon.  (Although I hear the bug isn't really directly in Winsock 2.0,
and that Win98 may not be vulnerable.  I take such reports with a grain
of salt, pepper, and other choice spices. ;-)

The nice thing about this problem (relative to some of the other
BSOD-type bugs that come up in Windows, not that such problems are
'nice' in an absolute sense) is that this one still requires you to
"initiate" the bug -- either by visiting a webpage, or whatever -- and
the worst that happens is that the machine crashes.  Other bugs either
lead to stack-overrun exploits, or in the case of teardrop/land/etc.
don't require the user to actually do anything other than hook their
computer up to a network.

What's scary about the buffer overrun bugs/exploits is that they can
operate *through* a firewall pretty effectively.  A creative coder can
turn your web-proxy into a general purpose access port to your private
LAN.  

The most the hostname-length bug can do is crash your machine.  And if
you happen to hit a web-page with malicious HTML which causes this to
happen, you can avoid visiting that page again.  In the case of an 
overrun exploit, visiting a malicious page once may be enough to infect
your machine with whatever code the page's author decided to sick on you.
In the case of a "teardrop" style attack, the only thing you can do is
reboot and hope you're not attacked again.

Of course, I don't worry too much about the whole situation.  Like I
said before, I haven't booted Win95 in months on the machines I use
most.  :-)

Regards,

--Joe

PS. For those of you who are wondering, this information comes from the
Bugtraq/NTBugtraq mailing lists.  To a web-search on either name if
you're interested in keeping your machines secure, regardless of its OS.

-- 
 +----------- Joseph Zbiciak ----------+
 | - - - -  j-zbiciak1 at ti.com  - - - - |       Ignorance is the
 |- http://www.primenet.com/~im14u2c/ -|       Mother of Devotion.
 | - - -Texas Instruments, Dallas- - - |          -- Robert Burton
 +-----#include "std_disclaimer.h"-----+
--
To unsubscribe, send 'unsubscribe rc5' to majordomo at lists.distributed.net
rc5-digest subscribers replace rc5 with rc5-digest



More information about the rc5 mailing list