|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: CERT Advisory CA-97.28 - Teardrop_Land
Alan Cox (alan
LXORGUK.UKUU.ORG.UK)Wed, 17 Dec 1997 01:26:45 +0000
- Messages sorted by: [ date ][ thread ][ subject ][ author ]
- Next message: SGI Security Coordinator: "SGI Security Advisory 19971201-01-P1391 - statd(1M) Buffer Overrun"
- Previous message: Aleph One: "Q147222: Group of Hotfixes for Exchange 5.5 and IIS 4.0"
- In reply to: Charles M. Hannum: "Re: CERT Advisory CA-97.28 - Teardrop_Land"
- Next in thread: Ron Holt: "Re: CERT Advisory CA-97.28 - Teardrop_Land"
> > Red Hat Software
> > ================
> >
> > Topic 1 - Teardrop
> >
> > Linux is not vulnerable.
>
> It's well known that versions of Linux prior to publishing of the
> teardrop attack *were* vulnerable. The above borders on an outright
> lie.
I've already moaned. The correct answer is:
Linux
Prior to 2.0.31 and earlier are vulnerable to teardrop
2.0.32 and above are not.
RedHat 5.0 ships with a 2.0.31+patches that is not vulnerable. RH5.0
update for the 2.0.32 kernel is on ftp.redhat.com
update kernel and/or apply the patch to the existing kernel if you wish
to remain running an older kernel for reasons such as compliance testing.
I _hope_ someone in RH or Cert merely got teardrop and land muddled up.
Alan
- Next message: SGI Security Coordinator: "SGI Security Advisory 19971201-01-P1391 - statd(1M) Buffer Overrun"
- Previous message: Aleph One: "Q147222: Group of Hotfixes for Exchange 5.5 and IIS 4.0"
- In reply to: Charles M. Hannum: "Re: CERT Advisory CA-97.28 - Teardrop_Land"
- Next in thread: Ron Holt: "Re: CERT Advisory CA-97.28 - Teardrop_Land"