Bugtraq mailing list archives
Re: CERT Advisory CA-97.28 - Teardrop_Land
From: alan () LXORGUK UKUU ORG UK (Alan Cox)
Date: Wed, 17 Dec 1997 01:26:45 +0000
Red Hat Software ================ Topic 1 - Teardrop Linux is not vulnerable.It's well known that versions of Linux prior to publishing of the teardrop attack *were* vulnerable. The above borders on an outright lie.
I've already moaned. The correct answer is:
Linux
Prior to 2.0.31 and earlier are vulnerable to teardrop
2.0.32 and above are not.
RedHat 5.0 ships with a 2.0.31+patches that is not vulnerable. RH5.0
update for the 2.0.32 kernel is on ftp.redhat.com
update kernel and/or apply the patch to the existing kernel if you wish
to remain running an older kernel for reasons such as compliance testing.
I _hope_ someone in RH or Cert merely got teardrop and land muddled up.
Alan
Current thread:
- CERT Advisory CA-97.28 - Teardrop_Land Aleph One (Dec 16)
- <Possible follow-ups>
- Re: CERT Advisory CA-97.28 - Teardrop_Land Charles M. Hannum (Dec 16)
- Re: CERT Advisory CA-97.28 - Teardrop_Land Alan Cox (Dec 16)
- Re: CERT Advisory CA-97.28 - Teardrop_Land Ron Holt (Dec 19)
- SGI Security Advisory 19971201-01-P1391 - statd(1M) Buffer Overrun SGI Security Coordinator (Dec 16)
- CERT Vendor-Initiated Bulletin VB-97.16 - CrackLib Aleph One (Dec 17)
- SNI-22: RADIUS Advisory Secure Networks Inc. (Dec 17)
- Re: SNI-22: RADIUS Advisory miguel a.l. paraz (Dec 17)
- CGI security hole in EWS (Excite for Web Servers) Marc Merlin (Dec 17)
- Re: CGI security hole in EWS (Excite for Web Servers) carson () tla org (Dec 18)
- Re: SNI-22: RADIUS Advisory Thom Henderson (Dec 18)
- mIRC Worm Aleph One (Dec 18)
- Re: mIRC Worm Nigel Reed (Dec 18)
- Re: CERT Advisory CA-97.28 - Teardrop_Land Alan Cox (Dec 16)