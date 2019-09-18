Stories
Windows Systems Vulnerable to FragmentSmack, 90s-Like DoS Bug

Microsoft released a security advisory about a denial-of-service vulnerability that could render multiple versions of Windows completely unresponsive and has no mitigation factors, the company says.

The vulnerability affects all versions of Windows 7 through 10 (including 8.1 RT), Server 2008, 2012, 2016, and Core Installations that don't have the latest set of security updates released as part of the September 2018 Patch Tuesday updates.

Tagged with the identification number CVE-2018-5391, the bug received the moniker FragmentSmack because it responds to IP fragmentation, a process that adjusts the packet size to fit the maximum transmission unit (MTU) at the receiving end.

IP fragmentation attacks are a known form of denial of service, where the victim computer receives multiple IP packets of a smaller size that are expected to be reassembled into their original form at the destination.

FragmentSmack is a TCP fragmentation type of attack, also known as a Teardrop attack, that prevents reassembling the packets on the recipient end. The vulnerability is as old as Windows 3.1 and 95, where it crashed the OS, but it was seen in the more recent Windows 7, too.

Why write all new bugs when you can just reboot old ones?

Source: https://www.bleepingcomputer.com/news/security/windows-systems-vulnerable-to-fragmentsmack-90s-like-dos-bug/

  • (Score: 2) by Runaway1956 on Wednesday September 19, @09:55AM (1 child)

    All systems are vulnerable, and we need to be reminded of that fact from time to time. But, "Windows Systems Vulnerable" gets redundant.

    • (Score: 2) by ledow on Wednesday September 19, @10:03AM

      Indeed

      https://access.redhat.com/articles/3553061 [redhat.com]

      It does get me that we still don't do calculations on whether basic features can be used to amplify the impact of such an attack out of a reasonable range, or design protocols so that they don't result in "more data / calculation" than a fixed bound in the first place.

  • (Score: 0) by Anonymous Coward on Wednesday September 19, @10:11AM

    I read the article(!), the mitigation is to turn off fragmented packet reassembly as such from an elevated command prompt:

    If the environment does not allow applying the security updates immediately, Microsoft recommends using the commands below to disable packet reassembly as a workaround for the FragmentSmack denial-of-service bug:

    Netsh int ipv4 set global reassemblylimit=0
    Netsh int ipv6 set global reassemblylimit=0

    They will drop any packets that are out of order, increasing the potential of losses. To avoid any problems there should not be more than 50 out-of-order packets.

    Some security products from CheckPoint are also affected by FragmentSmack, and the company suggests disabling fragments as an immediate workaround.
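
Added example, not part of the original story or comments: because the workaround quoted above disables packet reassembly, it is worth knowing which hosts actually exchange IP fragments before applying it. This Python code classifies IPv4 headers by the MF flag and fragment offset and tallies fragmented flows; the packets, addresses and function names are constructed for illustration.

```python
import struct
from collections import Counter
from ipaddress import IPv4Address

MF_FLAG = 0x2000      # "more fragments" bit in the flags/offset field
OFFSET_MASK = 0x1FFF  # fragment offset, in 8-byte units

def is_fragment(packet: bytes) -> bool:
    """True if this IPv4 packet is one piece of a fragmented datagram."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    (flags_offset,) = struct.unpack("!H", packet[6:8])
    # First/middle fragments set MF; the last one has MF clear but offset > 0.
    return bool(flags_offset & MF_FLAG) or (flags_offset & OFFSET_MASK) != 0

def fragmented_flows(packets):
    """Count fragments per (source, destination, protocol number)."""
    flows = Counter()
    for pkt in packets:
        if is_fragment(pkt):
            src = str(IPv4Address(pkt[12:16]))
            dst = str(IPv4Address(pkt[16:20]))
            flows[(src, dst, pkt[9])] += 1
    return flows

def build_header(src, dst, ident, flags_offset, proto=17):
    """Constructed 20-byte IPv4 header (checksum left at 0, not validated here)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, ident, flags_offset, 64,
                       proto, 0, IPv4Address(src).packed, IPv4Address(dst).packed)

# Constructed sample capture using documentation address ranges.
SAMPLE = [
    build_header("192.0.2.10", "198.51.100.5", 1, MF_FLAG | 0),    # first fragment
    build_header("192.0.2.10", "198.51.100.5", 1, MF_FLAG | 185),  # middle fragment
    build_header("192.0.2.10", "198.51.100.5", 1, 370),            # last fragment
    build_header("192.0.2.20", "198.51.100.5", 2, 0x4000),         # DF set, whole packet
    build_header("192.0.2.30", "198.51.100.5", 3, 0, proto=6),     # whole TCP packet
]

if __name__ == "__main__":
    for (src, dst, proto), count in fragmented_flows(SAMPLE).items():
        print(f"{src} -> {dst} proto {proto}: {count} fragments need reassembly")
```

Flows that show up in the tally are the ones to check after the reassembly limit is set to 0.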

