The new threat after Copy Fail
With the impact of "Copy Fail" only just behind us, a new vulnerability has emerged: Dirty Frag. While previous vulnerabilities often focused on logic errors, Dirty Frag taps into a different source: the way systems handle fragmented network packets.
What exactly is Dirty Frag?
Dirty Frag is a vulnerability that arises during the reconstruction of fragmented IP packets. When data is sent over the internet, it is often split into smaller pieces (fragments). The receiving machine must reassemble these into the correct order.
With Dirty Frag, an attacker manipulates these fragments in such a way that a buffer overflow or memory corruption occurs during the merging process.
How does it work technically?
Essentially, Dirty Frag uses overlapping fragments containing conflicting information.
Manipulation: The attacker sends fragments that partially overlap.
Confusion: The operating system does not know which part of the overlap is "true".
Exploitation: Due to a specific flaw in the kernel logic, more data is written to memory than the space reserved for it. This enables attackers to execute their own code with system privileges (Remote Code Execution).
Why is this dangerous?
The major problem with Dirty Frag is that it operates at a very low level in the network stack. Many firewalls and Intrusion Detection Systems (IDS) struggle to recognize these malicious fragments because they often appear legitimate on their own until they are merged.
What can you do?
Patch immediately: Manufacturers are currently rolling out updates. This is your primary line of defense.
Network segmentation: Ensure that any potential breach cannot immediately spread throughout your entire company.
Inspection: Use advanced firewalls capable of buffering and monitoring fragmented traffic before it reaches the end server.
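To make the inspection step concrete, here is an added Python example (not Mediawax's or any vendor's code) of the check a fragment-buffering device can apply before reassembly: group fragments per datagram and flag overlaps and impossible sizes. The `Frag` record, its field names, the sample addresses and the policy of treating every overlap (exact duplicates included) as suspicious are assumptions made for illustration.

```python
from collections import defaultdict
from typing import NamedTuple

MAX_DATAGRAM = 65535  # largest total length an IPv4 datagram can declare


class Frag(NamedTuple):  # hypothetical record of one parsed IPv4 fragment
    src: str
    dst: str
    proto: int
    ip_id: int
    offset: int   # payload offset in bytes (header field value times 8)
    length: int   # payload bytes carried by this fragment
    more: bool    # More Fragments (MF) flag


def inspect_fragments(frags):
    """Return {datagram_key: [findings]} for datagrams that should not be reassembled."""
    flows = defaultdict(list)
    for f in frags:  # fragments of one datagram share src, dst, protocol and IP ID
        flows[(f.src, f.dst, f.proto, f.ip_id)].append(f)
    findings = defaultdict(list)
    for key, parts in flows.items():
        covered_end = 0  # first byte not yet covered by an earlier fragment
        for f in sorted(parts, key=lambda p: (p.offset, p.length)):
            end = f.offset + f.length
            if f.offset < covered_end:  # starts inside data already seen
                findings[key].append(f"overlap at bytes {f.offset}-{min(end, covered_end) - 1}")
            if end > MAX_DATAGRAM:
                findings[key].append(f"reassembled size {end} exceeds {MAX_DATAGRAM}")
            if f.more and f.length % 8:
                findings[key].append(f"non-final fragment length {f.length} is not a multiple of 8")
            covered_end = max(covered_end, end)
    return dict(findings)


# Constructed sample data (documentation address ranges): A is clean, B overlaps.
A = ("192.0.2.10", "198.51.100.5", 17, 0x1A2B)
B = ("192.0.2.66", "198.51.100.5", 17, 0x0042)
SAMPLE = [
    Frag(*A, 0, 1480, True), Frag(*A, 1480, 1480, True), Frag(*A, 2960, 520, False),
    Frag(*B, 0, 1480, True), Frag(*B, 1472, 1480, True), Frag(*B, 2952, 100, False),
]

if __name__ == "__main__":
    for key, problems in inspect_fragments(SAMPLE).items():
        print(key, problems)
```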
Is Mediawax prepared?
Certainly. We are also in the process of patching all our servers for this; as with Copy Fail, this is again being done via emergency maintenance.