Oops - a bug.


A big bug. One that affects most computers that are connected to a network.  Yes, you read that right:
A big bug. One that affects most computers that are connected to a network.  An example:

Open a terminal window.  In Windows, this is known as the Command Prompt.  Hit the Windows key and type CMD.
Type the following: "ping 127.0.0.1" - here is what you will see:

Microsoft Windows [Version 10.0.19041.867]
(c) 2020 Microsoft Corporation. All rights reserved.

C:\Users\DaveH>ping 127.0.0.1

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

C:\Users\DaveH>

All well and good. Now, try typing the following:  "ping 0127.0.0.1" - here is what you will see:

Microsoft Windows [Version 10.0.19041.867]
(c) 2020 Microsoft Corporation. All rights reserved.

C:\Users\DaveH>ping 0127.0.0.1

Pinging 87.0.0.1 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 87.0.0.1:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

C:\Users\DaveH>

WTF???   From Bleeping Computer:

Critical netmask networking bug impacts thousands of applications
Popular npm library netmask has a critical networking vulnerability.

netmask is frequently used by hundreds of thousands of applications to parse IPv4 addresses and CIDR blocks or compare them.

The component gets over 3 million weekly downloads, and as of today, has scored over 238 million total downloads over its lifetime. Further, about 278,000 GitHub repositories depend on netmask.

The bug present in the library means when parsing an IP address with a leading zero, netmask sees a different IP due to improper validations in place.

The leading zero (0127.0. instead of 127.0.) causes the IP address to be read as an octal number instead of a decimal number. Hence: 127oct = 87dec
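As an added illustration (not code from the post or from the netmask library), here is a small JavaScript model of the three ways an octet such as "0127" can be parsed: the lenient inet_aton-style rules that C runtimes and the Windows ping above follow, the naive decimal read that disagrees with them, and a strict parser that refuses the ambiguous input. The function names and the inet_aton-style rules are assumptions for the demonstration, not a claim about netmask's exact code; the risk is the disagreement between two parsers looking at the same string, and the defence is to reject leading zeros outright.

```javascript
// Parse one octet the way inet_aton()-style C runtimes do (an assumption for
// this demo): "0x" prefix = hexadecimal, leading "0" = octal, else decimal.
function parseOctetLenient(s) {
  if (!/^(0x[0-9a-f]+|0[0-7]*|[1-9][0-9]*)$/i.test(s)) {
    throw new Error(`invalid octet: ${s}`);
  }
  let n;
  if (/^0x/i.test(s)) n = parseInt(s.slice(2), 16);
  else if (s.length > 1 && s[0] === '0') n = parseInt(s, 8);
  else n = parseInt(s, 10);
  if (n > 255) throw new Error(`octet out of range: ${s}`);
  return n;
}

// Naive decimal parse: the behaviour that produces the mismatch, "0127" -> 127.
function parseOctetNaive(s) {
  if (!/^[0-9]+$/.test(s)) throw new Error(`invalid octet: ${s}`);
  const n = parseInt(s, 10);
  if (n > 255) throw new Error(`octet out of range: ${s}`);
  return n;
}

// Strict parse: plain decimal, no leading zero other than "0" itself, 0..255.
// Ambiguous notation is rejected instead of guessed at.
function parseOctetStrict(s) {
  if (!/^(0|[1-9][0-9]{0,2})$/.test(s)) throw new Error(`rejected octet: ${s}`);
  const n = Number(s);
  if (n > 255) throw new Error(`octet out of range: ${s}`);
  return n;
}

// Normalise a dotted-quad address with the chosen octet parser.
function parseIPv4(addr, parseOctet) {
  const parts = addr.split('.');
  if (parts.length !== 4) throw new Error(`expected 4 octets: ${addr}`);
  return parts.map(parseOctet).join('.');
}

// The post's example, "0127.0.0.1", through all three parsers.
console.log(parseIPv4('0127.0.0.1', parseOctetLenient)); // 87.0.0.1 (what ping did)
console.log(parseIPv4('0127.0.0.1', parseOctetNaive));   // 127.0.0.1 (decimal-only read)
try {
  parseIPv4('0127.0.0.1', parseOctetStrict);
} catch (e) {
  console.log(e.message); // rejected octet: 0127
}
```

A library that validates addresses should behave like the strict parser, or at minimum apply the same rules as the resolver the address will eventually be handed to.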

Geek joke: Why are Halloween and Christmas the same date? Because 31oct=25dec

This page contains a single entry by DaveH published on March 30, 2021 8:08 PM.