On Thu, 6 Jun 2002 [EMAIL PROTECTED] wrote:
> ---------- Forwarded message begins here ----------
>
> Hi Wolfgang:
>
> > CERN and other institutes are currently attacked from
> > 130.237.48.109 (sul.e.kth.se)
> > By scanning port 7001 and sending malicious packets the attacker
> > was able to crash AFS servers.
> > Reports have shown that at least Solaris 5.6 and 5.7 machines and AIX
> > 4.3.3 machines are affected, but probably that are not the only
> > platforms.
>
> > We reccommend to take appropriate mesures against this attack (at
> > least blocking the originating site)
>
> > The versions of AFS involved in our sad experien ce were 3.6 build
> > 2.5 (patch1) and 3.6 build 2.26 (patch3).
>
> We addressed many of these problems in Patch 4 of the AFS code base
>
> 3.6 build 2.27 and was part of patch 4
> 3.6 build 2.32
>
> We would need to verify that the problem you saw was related to the
> problems you saw.
>
> Thanks
>
> Todd DeSantis
> AFS Support
Does anyone know if the vulnerability exists in 3.4a (latest build)?
Thanks.
Mike Ellwood
_______________________________________________
OpenAFS-info mailing list
[EMAIL PROTECTED]
https://lists.openafs.org/mailman/listinfo/openafs-info
