Re: Kernel 2.4.21 Forwarding table vulnerability
Florian Weimer [EMAIL PROTECTED] wrote: Bruce Banner [EMAIL PROTECTED] writes: CAN-2003-0552: Jerry Kreuscher discovered that the Forwarding table could be spoofed by sending forged packets with bogus source addresses the same as the local host. Ah, this one. I don't even know if it's about IP. As usual, Red Hat's advisory is a joke. *sigh* If you don't use bridging then it doesn't affect you. -- Debian GNU/Linux 3.0 is out! ( http://www.debian.org/ ) Email: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED] Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Kernel 2.4.21 Forwarding table vulnerability
Thanks, --- Herbert Xu [EMAIL PROTECTED] wrote: Florian Weimer [EMAIL PROTECTED] wrote: Bruce Banner [EMAIL PROTECTED] writes: CAN-2003-0552: Jerry Kreuscher discovered that the Forwarding table could be spoofed by sending forged packets with bogus source addresses the same as the local host. Ah, this one. I don't even know if it's about IP. As usual, Red Hat's advisory is a joke. *sigh* If you don't use bridging then it doesn't affect you. -- Debian GNU/Linux 3.0 is out! ( http://www.debian.org/ ) Email: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED] Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] __ Do you Yahoo!? Yahoo! SiteBuilder - Free, easy-to-use web site design software http://sitebuilder.yahoo.com -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Kernel 2.4.21 Forwarding table vulnerability
Beware there is also a vulnerability in the spanning tree implementation as well so. Peace --- Phillip Hofmeister [EMAIL PROTECTED] wrote: If I do use bridging...is there a patch? What is the consequences of an unpatched system? (In more detail than below) On Mon, 28 Jul 2003 at 07:39:53PM +1000, Herbert Xu wrote: Florian Weimer [EMAIL PROTECTED] wrote: Bruce Banner [EMAIL PROTECTED] writes: CAN-2003-0552: Jerry Kreuscher discovered that the Forwarding table could be spoofed by sending forged packets with bogus source addresses the same as the local host. Ah, this one. I don't even know if it's about IP. As usual, Red Hat's advisory is a joke. *sigh* If you don't use bridging then it doesn't affect you. -- Debian GNU/Linux 3.0 is out! ( http://www.debian.org/ ) Email: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED] Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt -- Phillip Hofmeister PGP/GPG Key: http://www.zionlth.org/~plhofmei/ wget -O - http://www.zionlth.org/~plhofmei/key.txt | gpg --import -- Excuse #20: Monitor resolution too high -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] __ Do you Yahoo!? Yahoo! SiteBuilder - Free, easy-to-use web site design software http://sitebuilder.yahoo.com -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Kernel 2.4.21 Forwarding table vulnerability
Herbert Xu [EMAIL PROTECTED] writes: CAN-2003-0552: Jerry Kreuscher discovered that the Forwarding table could be spoofed by sending forged packets with bogus source addresses the same as the local host. Ah, this one. I don't even know if it's about IP. As usual, Red Hat's advisory is a joke. *sigh* If you don't use bridging then it doesn't affect you. Do you know where a detailed advisory can be found? Thanks. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Kernel 2.4.21 Forwarding table vulnerability
Why download the source from RedHat? The source from debian is also patched with needed patches. apt-get install kernel-source On Mon, 2003-07-28 at 19:05, Bruce Banner wrote: You can download Red Hats kernel-source-2.4.20-19.9.i386.rpm run alien against it and install the dpkg'ed kernel-source.deb. I have been forced to do this in the past to get patches that havn't been released or in the main stream kernel from kernel.org yet. Peace --- Phillip Hofmeister [EMAIL PROTECTED] wrote: If I do use bridging...is there a patch? What is the consequences of an unpatched system? (In more detail than below) On Mon, 28 Jul 2003 at 07:39:53PM +1000, Herbert Xu wrote: Florian Weimer [EMAIL PROTECTED] wrote: Bruce Banner [EMAIL PROTECTED] writes: CAN-2003-0552: Jerry Kreuscher discovered that the Forwarding table could be spoofed by sending forged packets with bogus source addresses the same as the local host. Ah, this one. I don't even know if it's about IP. As usual, Red Hat's advisory is a joke. *sigh* If you don't use bridging then it doesn't affect you. -- Debian GNU/Linux 3.0 is out! ( http://www.debian.org/ ) Email: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED] Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt -- Phillip Hofmeister PGP/GPG Key: http://www.zionlth.org/~plhofmei/ wget -O - http://www.zionlth.org/~plhofmei/key.txt | gpg --import -- Excuse #20: Monitor resolution too high -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] __ Do you Yahoo!? Yahoo! SiteBuilder - Free, easy-to-use web site design software http://sitebuilder.yahoo.com -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Kernel 2.4.21 Forwarding table vulnerability
When were they patched? And how do I know when they are patched and when they are available? Is there somewhere I can find this info? I found the Red Hat info on Bugtraq but there was no mention of Debian Source anywhere. Thanks --- Matthijs Mohlmann [EMAIL PROTECTED] wrote: Why download the source from RedHat? The source from debian is also patched with needed patches. apt-get install kernel-source On Mon, 2003-07-28 at 19:05, Bruce Banner wrote: You can download Red Hats kernel-source-2.4.20-19.9.i386.rpm run alien against it and install the dpkg'ed kernel-source.deb. I have been forced to do this in the past to get patches that havn't been released or in the main stream kernel from kernel.org yet. Peace --- Phillip Hofmeister [EMAIL PROTECTED] wrote: If I do use bridging...is there a patch? What is the consequences of an unpatched system? (In more detail than below) On Mon, 28 Jul 2003 at 07:39:53PM +1000, Herbert Xu wrote: Florian Weimer [EMAIL PROTECTED] wrote: Bruce Banner [EMAIL PROTECTED] writes: CAN-2003-0552: Jerry Kreuscher discovered that the Forwarding table could be spoofed by sending forged packets with bogus source addresses the same as the local host. Ah, this one. I don't even know if it's about IP. As usual, Red Hat's advisory is a joke. *sigh* If you don't use bridging then it doesn't affect you. -- Debian GNU/Linux 3.0 is out! ( http://www.debian.org/ ) Email: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED] Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt -- Phillip Hofmeister PGP/GPG Key: http://www.zionlth.org/~plhofmei/ wget -O - http://www.zionlth.org/~plhofmei/key.txt | gpg --import -- Excuse #20: Monitor resolution too high -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] __ Do you Yahoo!? Yahoo! SiteBuilder - Free, easy-to-use web site design software http://sitebuilder.yahoo.com -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] __ Do you Yahoo!? Yahoo! SiteBuilder - Free, easy-to-use web site design software http://sitebuilder.yahoo.com -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Kernel 2.4.21 Forwarding table vulnerability
Hi Bruce, On Mon Jul 28, 2003 at 11:38:51 -0700, Bruce Banner wrote: When were they patched? And how do I know when they are patched and when they are available? Is there somewhere I can find this info? I found the Red Hat info on Bugtraq but there was no mention of Debian Source anywhere. You can go to http://packages.qa.debian.org/, search for a package of your choice (for instance kernel-source-2.4.20) and check the Latest News. These contain a brief description of the changes in a package, in the same format as in /usr/share/doc/package/changelog.Debian.gz. regards, uLI -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Kernel 2.4.21 Forwarding table vulnerability
Thanks for the info. I don't like depending on Red Hat for security fixes. I want to rely on Debian for this kind of stuff I just didn't know where to find it. Thanks --- Ulrich Scholler [EMAIL PROTECTED] wrote: Hi Bruce, On Mon Jul 28, 2003 at 11:38:51 -0700, Bruce Banner wrote: When were they patched? And how do I know when they are patched and when they are available? Is there somewhere I can find this info? I found the Red Hat info on Bugtraq but there was no mention of Debian Source anywhere. You can go to http://packages.qa.debian.org/, search for a package of your choice (for instance kernel-source-2.4.20) and check the Latest News. These contain a brief description of the changes in a package, in the same format as in /usr/share/doc/package/changelog.Debian.gz. regards, uLI -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] __ Do you Yahoo!? Yahoo! SiteBuilder - Free, easy-to-use web site design software http://sitebuilder.yahoo.com -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Kernel 2.4.21 Forwarding table vulnerability
On Mon, Jul 28, 2003 at 11:38:51AM -0700, Bruce Banner wrote: When were they patched? And how do I know when they are patched and when they are available? Is there somewhere I can find this info? You could subscribe to [EMAIL PROTECTED] See http://lists.debian.org/debian-changes/ Marcin PS: please reply _below_ the citation and cut unneeded text. -- Marcin Owsiany [EMAIL PROTECTED] http://marcin.owsiany.pl/ GnuPG: 1024D/60F41216 FE67 DA2D 0ACA FC5E 3F75 D6F6 3A0D 8AA0 60F4 1216 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Kernel 2.4.21 Forwarding table vulnerability
Florian Weimer [EMAIL PROTECTED] wrote: Bruce Banner [EMAIL PROTECTED] writes: CAN-2003-0552: Jerry Kreuscher discovered that the Forwarding table could be spoofed by sending forged packets with bogus source addresses the same as the local host. Ah, this one. I don't even know if it's about IP. As usual, Red Hat's advisory is a joke. *sigh* If you don't use bridging then it doesn't affect you. -- Debian GNU/Linux 3.0 is out! ( http://www.debian.org/ ) Email: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED] Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
Re: Kernel 2.4.21 Forwarding table vulnerability
Thanks, --- Herbert Xu [EMAIL PROTECTED] wrote: Florian Weimer [EMAIL PROTECTED] wrote: Bruce Banner [EMAIL PROTECTED] writes: CAN-2003-0552: Jerry Kreuscher discovered that the Forwarding table could be spoofed by sending forged packets with bogus source addresses the same as the local host. Ah, this one. I don't even know if it's about IP. As usual, Red Hat's advisory is a joke. *sigh* If you don't use bridging then it doesn't affect you. -- Debian GNU/Linux 3.0 is out! ( http://www.debian.org/ ) Email: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED] Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] __ Do you Yahoo!? Yahoo! SiteBuilder - Free, easy-to-use web site design software http://sitebuilder.yahoo.com
Re: Kernel 2.4.21 Forwarding table vulnerability
If I do use bridging...is there a patch? What is the consequences of an unpatched system? (In more detail than below) On Mon, 28 Jul 2003 at 07:39:53PM +1000, Herbert Xu wrote: Florian Weimer [EMAIL PROTECTED] wrote: Bruce Banner [EMAIL PROTECTED] writes: CAN-2003-0552: Jerry Kreuscher discovered that the Forwarding table could be spoofed by sending forged packets with bogus source addresses the same as the local host. Ah, this one. I don't even know if it's about IP. As usual, Red Hat's advisory is a joke. *sigh* If you don't use bridging then it doesn't affect you. -- Debian GNU/Linux 3.0 is out! ( http://www.debian.org/ ) Email: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED] Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt -- Phillip Hofmeister PGP/GPG Key: http://www.zionlth.org/~plhofmei/ wget -O - http://www.zionlth.org/~plhofmei/key.txt | gpg --import -- Excuse #20: Monitor resolution too high
Re: Kernel 2.4.21 Forwarding table vulnerability
Beware there is also a vulnerability in the spanning tree implementation as well so. Peace --- Phillip Hofmeister [EMAIL PROTECTED] wrote: If I do use bridging...is there a patch? What is the consequences of an unpatched system? (In more detail than below) On Mon, 28 Jul 2003 at 07:39:53PM +1000, Herbert Xu wrote: Florian Weimer [EMAIL PROTECTED] wrote: Bruce Banner [EMAIL PROTECTED] writes: CAN-2003-0552: Jerry Kreuscher discovered that the Forwarding table could be spoofed by sending forged packets with bogus source addresses the same as the local host. Ah, this one. I don't even know if it's about IP. As usual, Red Hat's advisory is a joke. *sigh* If you don't use bridging then it doesn't affect you. -- Debian GNU/Linux 3.0 is out! ( http://www.debian.org/ ) Email: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED] Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt -- Phillip Hofmeister PGP/GPG Key: http://www.zionlth.org/~plhofmei/ wget -O - http://www.zionlth.org/~plhofmei/key.txt | gpg --import -- Excuse #20: Monitor resolution too high -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] __ Do you Yahoo!? Yahoo! SiteBuilder - Free, easy-to-use web site design software http://sitebuilder.yahoo.com
Re: Kernel 2.4.21 Forwarding table vulnerability
Herbert Xu [EMAIL PROTECTED] writes: CAN-2003-0552: Jerry Kreuscher discovered that the Forwarding table could be spoofed by sending forged packets with bogus source addresses the same as the local host. Ah, this one. I don't even know if it's about IP. As usual, Red Hat's advisory is a joke. *sigh* If you don't use bridging then it doesn't affect you. Do you know where a detailed advisory can be found? Thanks.
Re: Kernel 2.4.21 Forwarding table vulnerability
You can download Red Hats kernel-source-2.4.20-19.9.i386.rpm run alien against it and install the dpkg'ed kernel-source.deb. I have been forced to do this in the past to get patches that havn't been released or in the main stream kernel from kernel.org yet. Peace --- Phillip Hofmeister [EMAIL PROTECTED] wrote: If I do use bridging...is there a patch? What is the consequences of an unpatched system? (In more detail than below) On Mon, 28 Jul 2003 at 07:39:53PM +1000, Herbert Xu wrote: Florian Weimer [EMAIL PROTECTED] wrote: Bruce Banner [EMAIL PROTECTED] writes: CAN-2003-0552: Jerry Kreuscher discovered that the Forwarding table could be spoofed by sending forged packets with bogus source addresses the same as the local host. Ah, this one. I don't even know if it's about IP. As usual, Red Hat's advisory is a joke. *sigh* If you don't use bridging then it doesn't affect you. -- Debian GNU/Linux 3.0 is out! ( http://www.debian.org/ ) Email: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED] Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt -- Phillip Hofmeister PGP/GPG Key: http://www.zionlth.org/~plhofmei/ wget -O - http://www.zionlth.org/~plhofmei/key.txt | gpg --import -- Excuse #20: Monitor resolution too high -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] __ Do you Yahoo!? Yahoo! SiteBuilder - Free, easy-to-use web site design software http://sitebuilder.yahoo.com
Re: Kernel 2.4.21 Forwarding table vulnerability
Why download the source from RedHat? The source from debian is also patched with needed patches. apt-get install kernel-source On Mon, 2003-07-28 at 19:05, Bruce Banner wrote: You can download Red Hats kernel-source-2.4.20-19.9.i386.rpm run alien against it and install the dpkg'ed kernel-source.deb. I have been forced to do this in the past to get patches that havn't been released or in the main stream kernel from kernel.org yet. Peace --- Phillip Hofmeister [EMAIL PROTECTED] wrote: If I do use bridging...is there a patch? What is the consequences of an unpatched system? (In more detail than below) On Mon, 28 Jul 2003 at 07:39:53PM +1000, Herbert Xu wrote: Florian Weimer [EMAIL PROTECTED] wrote: Bruce Banner [EMAIL PROTECTED] writes: CAN-2003-0552: Jerry Kreuscher discovered that the Forwarding table could be spoofed by sending forged packets with bogus source addresses the same as the local host. Ah, this one. I don't even know if it's about IP. As usual, Red Hat's advisory is a joke. *sigh* If you don't use bridging then it doesn't affect you. -- Debian GNU/Linux 3.0 is out! ( http://www.debian.org/ ) Email: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED] Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt -- Phillip Hofmeister PGP/GPG Key: http://www.zionlth.org/~plhofmei/ wget -O - http://www.zionlth.org/~plhofmei/key.txt | gpg --import -- Excuse #20: Monitor resolution too high -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] __ Do you Yahoo!? Yahoo! SiteBuilder - Free, easy-to-use web site design software http://sitebuilder.yahoo.com
Re: Kernel 2.4.21 Forwarding table vulnerability
When were they patched? And how do I know when they are patched and when they are available? Is there somewhere I can find this info? I found the Red Hat info on Bugtraq but there was no mention of Debian Source anywhere. Thanks --- Matthijs Mohlmann [EMAIL PROTECTED] wrote: Why download the source from RedHat? The source from debian is also patched with needed patches. apt-get install kernel-source On Mon, 2003-07-28 at 19:05, Bruce Banner wrote: You can download Red Hats kernel-source-2.4.20-19.9.i386.rpm run alien against it and install the dpkg'ed kernel-source.deb. I have been forced to do this in the past to get patches that havn't been released or in the main stream kernel from kernel.org yet. Peace --- Phillip Hofmeister [EMAIL PROTECTED] wrote: If I do use bridging...is there a patch? What is the consequences of an unpatched system? (In more detail than below) On Mon, 28 Jul 2003 at 07:39:53PM +1000, Herbert Xu wrote: Florian Weimer [EMAIL PROTECTED] wrote: Bruce Banner [EMAIL PROTECTED] writes: CAN-2003-0552: Jerry Kreuscher discovered that the Forwarding table could be spoofed by sending forged packets with bogus source addresses the same as the local host. Ah, this one. I don't even know if it's about IP. As usual, Red Hat's advisory is a joke. *sigh* If you don't use bridging then it doesn't affect you. -- Debian GNU/Linux 3.0 is out! ( http://www.debian.org/ ) Email: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED] Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt -- Phillip Hofmeister PGP/GPG Key: http://www.zionlth.org/~plhofmei/ wget -O - http://www.zionlth.org/~plhofmei/key.txt | gpg --import -- Excuse #20: Monitor resolution too high -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] __ Do you Yahoo!? Yahoo! SiteBuilder - Free, easy-to-use web site design software http://sitebuilder.yahoo.com -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] __ Do you Yahoo!? Yahoo! SiteBuilder - Free, easy-to-use web site design software http://sitebuilder.yahoo.com
Re: Kernel 2.4.21 Forwarding table vulnerability
Hi Bruce, On Mon Jul 28, 2003 at 11:38:51 -0700, Bruce Banner wrote: When were they patched? And how do I know when they are patched and when they are available? Is there somewhere I can find this info? I found the Red Hat info on Bugtraq but there was no mention of Debian Source anywhere. You can go to http://packages.qa.debian.org/, search for a package of your choice (for instance kernel-source-2.4.20) and check the Latest News. These contain a brief description of the changes in a package, in the same format as in /usr/share/doc/package/changelog.Debian.gz. regards, uLI
Re: Kernel 2.4.21 Forwarding table vulnerability
Thanks for the info. I don't like depending on Red Hat for security fixes. I want to rely on Debian for this kind of stuff I just didn't know where to find it. Thanks --- Ulrich Scholler [EMAIL PROTECTED] wrote: Hi Bruce, On Mon Jul 28, 2003 at 11:38:51 -0700, Bruce Banner wrote: When were they patched? And how do I know when they are patched and when they are available? Is there somewhere I can find this info? I found the Red Hat info on Bugtraq but there was no mention of Debian Source anywhere. You can go to http://packages.qa.debian.org/, search for a package of your choice (for instance kernel-source-2.4.20) and check the Latest News. These contain a brief description of the changes in a package, in the same format as in /usr/share/doc/package/changelog.Debian.gz. regards, uLI -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] __ Do you Yahoo!? Yahoo! SiteBuilder - Free, easy-to-use web site design software http://sitebuilder.yahoo.com
Re: Kernel 2.4.21 Forwarding table vulnerability
On Mon, Jul 28, 2003 at 11:38:51AM -0700, Bruce Banner wrote: When were they patched? And how do I know when they are patched and when they are available? Is there somewhere I can find this info? You could subscribe to debian-changes@lists.debian.org See http://lists.debian.org/debian-changes/ Marcin PS: please reply _below_ the citation and cut unneeded text. -- Marcin Owsiany [EMAIL PROTECTED] http://marcin.owsiany.pl/ GnuPG: 1024D/60F41216 FE67 DA2D 0ACA FC5E 3F75 D6F6 3A0D 8AA0 60F4 1216
Kernel 2.4.21 Forwarding table vulnerability
What impact does the Forwarding Table Vulnerability of late have? Is this only a problem if you have ip forwarding enabled and setup as a router or is this part of the normal ip stack functions that affects the kernel no matter what services you are running on your server? I can't find any info on this vulnerability that explains the problem in any detail. If someone could shed some light for me I would appreciate it. Thanks __ Do you Yahoo!? Yahoo! SiteBuilder - Free, easy-to-use web site design software http://sitebuilder.yahoo.com -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Kernel 2.4.21 Forwarding table vulnerability
Bruce Banner [EMAIL PROTECTED] writes: What impact does the Forwarding Table Vulnerability of late have? Which vulnerability are you talking about? Do you have CVE name for it? -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Kernel 2.4.21 Forwarding table vulnerability
CAN-2003-0552: Jerry Kreuscher discovered that the Forwarding table could be spoofed by sending forged packets with bogus source addresses the same as the local host. --- Florian Weimer [EMAIL PROTECTED] wrote: Bruce Banner [EMAIL PROTECTED] writes: What impact does the Forwarding Table Vulnerability of late have? Which vulnerability are you talking about? Do you have CVE name for it? __ Do you Yahoo!? Yahoo! SiteBuilder - Free, easy-to-use web site design software http://sitebuilder.yahoo.com -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Kernel 2.4.21 Forwarding table vulnerability
Bruce Banner [EMAIL PROTECTED] writes: CAN-2003-0552: Jerry Kreuscher discovered that the Forwarding table could be spoofed by sending forged packets with bogus source addresses the same as the local host. Ah, this one. I don't even know if it's about IP. As usual, Red Hat's advisory is a joke. *sigh* -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Kernel 2.4.21 Forwarding table vulnerability
What impact does the Forwarding Table Vulnerability of late have? Is this only a problem if you have ip forwarding enabled and setup as a router or is this part of the normal ip stack functions that affects the kernel no matter what services you are running on your server? I can't find any info on this vulnerability that explains the problem in any detail. If someone could shed some light for me I would appreciate it. Thanks __ Do you Yahoo!? Yahoo! SiteBuilder - Free, easy-to-use web site design software http://sitebuilder.yahoo.com
Re: Kernel 2.4.21 Forwarding table vulnerability
Bruce Banner [EMAIL PROTECTED] writes: What impact does the Forwarding Table Vulnerability of late have? Which vulnerability are you talking about? Do you have CVE name for it?
Re: Kernel 2.4.21 Forwarding table vulnerability
CAN-2003-0552: Jerry Kreuscher discovered that the Forwarding table could be spoofed by sending forged packets with bogus source addresses the same as the local host. --- Florian Weimer [EMAIL PROTECTED] wrote: Bruce Banner [EMAIL PROTECTED] writes: What impact does the Forwarding Table Vulnerability of late have? Which vulnerability are you talking about? Do you have CVE name for it? __ Do you Yahoo!? Yahoo! SiteBuilder - Free, easy-to-use web site design software http://sitebuilder.yahoo.com