|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: itojun
iijlab.netDate: Wed Mar 20 2002 - 19:30:34 CST
>Actions:
>
>I notified security-officer{free,open,net}bsd.org on Feburary
>17th. From examining OpenBSD source code, it appears to have the
>flaw. I have confirmed that NetBSD is vulnerable. I have been unable
>to actually test the vulnerability on an operational OpenBSD system. I
>have not heard anything from either NetBSD or OpenBSD, and no changes
>related to this bug appear to have been committed to their code. Patches
>for NetBSD and OpenBSD are attached below.
the changes were made into both openbsd and netbsd repository
as shown below:
http://www.openbsd.org/cgi-bin/cvsweb/src/sys/netinet/tcp_input.c.diff?r1=1.109&r2=1.110
http://cvsweb.netbsd.org/bsdweb.cgi/syssrc/sys/netinet/tcp_input.c.diff?r1=1.136&r2=1.137
thank you for the report.
itojun
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]