The Ping o' Death Page Diary

• Apple has released pathces for the Apple Network Server (ANS) series. These machines run AIX but IBM patches would not work on them. The patches can be found at: ftp://ftp.support.apple.com/pub/apple_sw_updates/US/Unix/AIX/supported/

• XMiNT Xterminals have been tested by the manufacturer and found safe for all versions

• I've chopped this latest update list into two files. For updates prior to December 20th 1996, see here
• Well, just when you thought that every computer in creation was listed - for anyone still running one of the old DEC-36 bit systems, the story is that the TOPS-20 has a memory leak whenever it sends a datagram with more than two fragments. Do this often enough, and something will almost certainly break. There is no TCP/IP for the TOPS-10 system, but Fred Wright has ported the TOPS-20 code to the TOPS-10, and fixed the above problem at the same time. Surprise surprise, but DEC no longer support these systems. If a patch is needed, again contact Fred Wright, who has generously offered to provide one.
• Those with MkLinux systems, there is a page at http://www.macintosh.net/mklinux/update.html which details how to upgrade your system to kernel 2.0.27. This will fix the Ping o'Death in the process.
• VICOM, who make Internet Software for Macs, tell me that their products (which include an IP proxy router, PPP client/server, DHCP server and other IP-related stuff) are not vulnerable to the Ping o'Death. Info available at the Vicom site
• Yet another person has found the ACC Danube router crashes. That makes two now with problems, although ACC (ot the best of my knowledge) still haven't been able to reproduce this

• Well, I've left it as long as I can. I'm heading off to Africa in 3 weeks for a year or so Backpacking. Consequently, the Ping o'Death is not going to be foremost in my mind, and I'm looking for someone to take over the maintenance of these pages. There was a time a few months ago when I was getting swamped, but now I'm down to about 10-15 messages a week - a good number of which are "I can't crash my Windows '95 machine, what am I doing wrong". Any volunteers? Think of the publicity, the good will, the sex appeal... as always, mail me.
• AXIS have tested their products and found the everything OK. Specifically, all their Printservers, "StorPoint" CD-Servers and "NetEye" Camera Servers are fine.
• Solaris x86 patches are now officially out. For Solaris x86 v2.5 (Patch ID# 103170-10) see http://access1.sun.com/patch.recommended/2.5_x86.html. For Solaris x86 v2.5.1 (Patch ID# 103631-05) see http://access1.sun.com/patch.recommended/2.5.1_x86.html. No patch is available for v2.4

• SCO have patches out for their OpenServer 5. The patch is oss449a and can be downloaded here. The description of the patch is available as well.
• The patches mentioned below for SGI are available at ftp://sgigate.sgi.com in the Patches/5.3 or Patches/6.2 directories. The patch numbers are 1529 for 5.3 and 1418 for 6.2
• Everyone with newer DEC Unix installations, the recently released 4.0b has been made safe from the POD.
• For those of you wanting to trace the POD on your networks, a company calling themselves the AG Group manufacture a program called Etherpeek that will keep an eye on your network for any dodgy packets.
• Apparently there is a DOS app called pdclkset/pdtest written by a guy in Sweden that will send arbitrarily large ICMP requests. It's used to stress test ethernets to make sure everything is working properly. Anyway, it looks like this may cause similar problems, as it has been seen to cause Synoptics hubs to reset. I haven't got any more information on this, but it seems related so I thought I'd pass it on.
• Some of my information on the availability of patches for Solaris x86 is out of date - the patch for Solarix x86 2.5 is no longer temporary - it was released on the 6th December and can be downloaded here.
• Cabletron have been asked how there products fare against the Ping O'Death, and the say that there are no troubles. I guess we have to assume this applies to all there products

• SGI have released patches for the Ping O'Death and the SYN flood. Patches are available for both 5.3 and 6.2. I can't tell from looking at the advisory whether v6.2 is vulnerable to the ping or just the SYN flood, but I guess it doesn't matter much now. Follow the link for the advisory notice.
• The Shiva Lanrover is also secure. Like some of the other Shiva products, a message pops up in the Activity log saying "IP reassembly failed, length 65555". This may be something to watch for... The version tested was running ShivaOS v4.0, VRAM v5.6.0 and Hardware Revision 1.
• Well, got as little more information from SCO. It appears that the Ping O'Death for SCO systems is hardware dependent. Certain cards, such as the NE2000 and the SMC cards are vulnerable, while other cards are not - sorry, that's all the information I have. SCO are testing a patch and should release shortly.
• It seems that the very recent Service Pack 2 for NT 4.0 now prevents punters from sending invalid packets - ping responds with an "invalid size for option -l".
• Minix v2.0 is vulnerable.
• The ACC Danube router which was vulnerable is running version 8.0.7. Apparently ACC will not upgrade firmware without a fee being paid!

• The CERT advisory which has just come out lists several products which I didn't have information on before. Some have patches, some don't. Where the information I have had previously has been found incorrect, this is highlighted in red, and made italic for those of you browsing in black 'n' white.

  The systems with patches available are:

  • Digital Ultrix 4.3 to 4.5 (Presumably versions prior to 4.3 are also vulnerable, but patches are not available as these are no longer supported
  • Digital OpenVMS for VAX - vulnerable in the same way as Ultrix. Previously it was thought that only OpenVMS for AXP was in danger, but this is no longer the case.
  • Digital Unix MLS+ Version 3.1a
  • Digital Firewall for Unix and Digital AltaVista Firewall for UNIX
  • Digital VAX/ELN
  • IBM Secure Network Gateway Firewall
  The systems without patches available are:
  • SCO Internet FastStart
  • SCO OpenServer 5.0.0, 5.0.2
  • SCO Open Desktop 3.0
  • SCO TCP/IP 1.2.1 for SCO Unix System V/386 Release 3.2 Version 4.2
  • SCO Unix System V/386
  While new entries on the safe OS list are NEC EWS/UX, UP/UX and UX/4800.

  Rather than reproduce the information here, I could do no better than point you towards the original CERT Advisory for the full picture on the systems listed above.

• It seems that Netware 3.11 and 3.12 can be saved from the Ping o'Death by applying the TCPN02 patch... Can anyone confirm this before I move it into the "Vulnerable with Patches" section?
• Cisco are very puzzled over the problem with their 4000 router, as they are sure that it's OK... I'm moving it to a "just might be vulnerable" pigeonhole, as I've only got one report of a problem.