From: "Breno" <[email protected]>
Date: Fri, 18 Oct 2002 22:42:12 -0300
http://online.securityfocus.com/archive/1/295855/2002-10-15/2002-10-21/1
There is nothing concrete at all about said "exploit".
It looks like just a clever way to divert the victim's
attention from the real mechanism these guys are using
to root people's boxes.
It is nearly impossible for a TCP frag handling exploit
to allow a root shell and socket to that shell to be
created. So I think the claims are total nonsense.
On Fri, 18 Oct 2002 18:51:16 -0700 (PDT),
"David S. Miller" <[email protected]> wrote:
> From: "Breno" <[email protected]>
> Date: Fri, 18 Oct 2002 22:42:12 -0300
>
> http://online.securityfocus.com/archive/1/295855/2002-10-15/2002-10-21/1
>
>There is nothing concrete at all about said "exploit".
>
>It looks like just a clever way to divert the victim's
>attention from the real mechanism these guys are using
>to root people's boxes.
Agreed.
>It is nearly impossible for a TCP frag handling exploit
>to allow a root shell and socket to that shell to be
>created. So I think the claims are total nonsense.
The last mail on that thread is interesting[*], fooling the victim into
running a vulnerable version of tcpdump by claiming a vulnerability in
TCP.
[*] http://online.securityfocus.com/archive/1/295855/2002-10-15/2002-10-21/2
From: Keith Owens <[email protected]>
Date: Sat, 19 Oct 2002 12:07:10 +1000
The last mail on that thread is interesting[*], fooling the victim into
running a vulnerable version of tcpdump by claiming a vulnerability in
TCP.
Yes, I noted that as well.
Another tip off is that ABFrag 'works' on BSD too :-)
On Sat, 19 Oct 2002 08:39:34 +0200,
Wolfgang Fritz <[email protected]> wrote:
>Breno wrote:
>>http://online.securityfocus.com/archive/1/295855/2002-10-15/2002-10-21/1
>See http://www.heise.de (in German):
>
>http://www.heise.de/newsticker/data/pab-18.10.02-000/
English: http://www.heise.de/english/newsticker/data/jk-18.10.02-006/
A message posted on the Security Mailinglist BugTraq about an exploit
for Linux kernels "ABFrags" has turned out to be a fake.
Let it die ...
Breno wrote:
> http://online.securityfocus.com/archive/1/295855/2002-10-15/2002-10-21/1
>
> Breno
See http://www.heise.de (in German):
http://www.heise.de/newsticker/data/pab-18.10.02-000/
Wolfgang