Lan Barnes said:
> On Fri, Apr 22, 2005 at 10:48:33AM -0700, Neil Schneider wrote:
>>
>> This came from one of the SANS lists that I subscribe to. Please
>> follow the link, and if you have a vulnerable system, patch it. This
>> bug effects Linux and Windows.
>>
>> Description: Multiple Vendor TCP/IP stack implementations are
>> reported
>> vulnerable to a denial of service issue and occurs when an erroneous
>> TCP acknowledgement number is encountered in an active TCP session
>> stream. An attacker can inject a rogue TCP packet containing a valid
>> sequence number and an invalid acknowledgement number into a target
>> TCP stream to cause this issue to result in a degradation of the
>> target connection, effectively denying service for legitimate users.
>> Please refer the following link for vulnerable systems.
>> Ref: http://www.securityfocus.com/bid/13215/info/
>>
>
> I can't find any patches.
You may have to wait a day or two for them to show up. Check the
repository for your distribution over the next few days.
--
Neil Schneider pacneil_at_linuxgeek_dot_net
http://www.paccomp.com
Key fingerprint = 67F0 E493 FCC0 0A8C 769B 8209 32D7 1DB1 8460 C47D
Sometimes I wonder whether the world is being run by smart people who
are putting us on, or by imbeciles who really mean it - Mark Twain
--
[email protected]
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
