Re: seems to be a bug ?

Ok, thanks to Xavier's indication sent privately, thebug is fixed and a patch is available.

Details can be found here :
http://www.security-labs.org/Libnet/icmp_unreach-3.txt

As a summary, we can say that the size of the payload was omited to compute the checksum.

As it is the 3rd bug with this function, only one patch is available (attached) for all of them.

A devel version, already patched is available here from here: http://www.security-labs.org/index.php3?page=607 It contains several patches.

Last but not least, the 3 bugs in libnet_icmp_unreach() are also present in other icmp error messages ... but they will be fixed when we will be sure we did not forget another stupid bug, which may be really soon ;)

--
Frederic RAYNAL, Ph.D.
http://www.security-labs.org/
Chief Editor of M.I.S.C.
Multi-Systems & Internet Security Cookbook



On Wed, May 14, 2003 at 02:14:37PM +0200, Xavier Delannoy wrote:

> Hi, 

> 

> libnet 1.1 patch with : http://www.security-labs.org/Libnet/icmp_unreach-2.txt

--------------------------------------------------------------------- To unsubscribe, e-mail: libnet-unsubscribe@securityfocus.com For additional commands, e-mail: libnet-help@securityfocus.com

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek