Ping of Death
| ping-death (95) |  Medium Risk |
Description:
IP specifications prohibit the creation of packets greater than 65535 bytes in length. However, packet fragmentation permits an attacker to transmit packets exceeding this length. The "Ping of Death" attack involves transmitting a fragmented ICMP echo packet greater than 65535 bytes in length to a vulnerable system. When the victim system¿s networking stack reassembly code reassembles the packet, the allocated buffer may not be able to accommodate the packet. This can cause the system to crash, restart, or behave in unpredictable ways.
If a Ping Of Death is issued against a system that is immune to such attacks, the reply to the ping will also be a Ping Of Death. The first of the two events points to the attacker.
This attack is not limited to ICMP and can be exploited with any protocol that uses IP.
Platforms Affected:
- Apple, Mac OS
- Cisco, IOS
- Compaq, Tru64
- Data General, DG/UX
- HP, HP-UX
- IBM, AIX
- IBM, OS2
- Linux, Kernel
- Microsoft, Windows 2000
- Microsoft, Windows 2003 Server
- Microsoft, Windows 95
- Microsoft, Windows 98
- Microsoft, Windows 98SE
- Microsoft, Windows Me
- Microsoft, Windows NT 4.0
- Microsoft, Windows XP
- Novell, NetWare
- SCO, SCO Unix
- SGI, IRIX
- Sun, Solaris
- WindRiver, BSDOS
Remedy:
For IBM AIX 3.2.5:
Apply APAR IX59644 patch, as listed in IBM Emergency Response Service Security Vulnerability Alert ERS-SVA-E01-1996:006.1. See References.
For IBM AIX 4.1.x:
Apply APAR IX59453 patch, as listed in IBM Emergency Response Service Security Vulnerabiilty Alert ERS-SVA-E01-1996:006.1. See References.
For IBM AIX 4.2.x:
Apply APAR IX61858 patch, as listed in IBM Emergency Response Service Security Vulnerabiilty Alert ERS-SVA-E01-1996:006.1. See References.
For HP-UX:
Apply the patch for this vulnerability, as listed in Hewlitt-Packard Security Bulletin HPSBUX9610-040. See References.
For SunOS:
Apply the appropriate patch for your syste, as listed in CERT Advisory CA-1996-26. See References.
For Linux Kernel: Upgrade to the latest stable version of the Linux kernel (2.6.10 or later), available from the The Linux Kernel Archives Web site. It is reported that the ping of death vulnerability was corrected in version 2.0.24. See References.
For other distributions:
Contact your vendor for upgrade or patch information.
It may be possible to configure your firewall or router or deny malicious ICMP ECHO packets from entering your network.
Consequences:
Denial of Service
References:
- CERT Advisory CA-1996-26, Denial-of-Service Attack via ping at http://www.cert.org/advisories/CA-1996-26.html.
- Hewlett-Packard Company Security Bulletin HPSBUX9610-040, Vulnerability with incoming ICMP Echo Request (ping) packets at http://online.securityfocus.com/advisories/1518. (From SecurityFocus archive.)
- Oliver von Bueren Web site, www.ovb.ch - Home of Oliver von Bueren at http://www.ovb.ch/?http://www.ovb.ch/Ping/pod.html.
- SGI Security Advisory 19961202-01-PX, TCP SYN and Ping Denial of Service Attacks at ftp://patches.sgi.com/support/free/security/advisories/19961202-01-PX.
- The The Linux Kernel Archives Web site, The Linux Kernel Archives at http://www.kernel.org/.
- CVE-1999-0128: Oversized ICMP ping packets can result in a denial of service, aka Ping o' Death.
Reported:
Jan 01, 1997
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
Copyright (c) 1994-2008 Internet Security Systems, Inc. All rights reserved worldwide.
For corrections or additions please email xforce@iss.net