Re: Kernel 2.4.21 Forwarding table vulnerability

2003-07-28 Thread Herbert Xu
Florian Weimer [EMAIL PROTECTED] wrote:
 Bruce Banner [EMAIL PROTECTED] writes:
 
 CAN-2003-0552: Jerry Kreuscher discovered that the Forwarding table
 could be spoofed by sending forged packets with bogus source
 addresses the same as the local host.
 
 Ah, this one.  I don't even know if it's about IP.
 
 As usual, Red Hat's advisory is a joke. *sigh*

If you don't use bridging then it doesn't affect you.
-- 
Debian GNU/Linux 3.0 is out! ( http://www.debian.org/ )
Email:  Herbert Xu ~{PmVHI~} [EMAIL PROTECTED]
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]



Re: Kernel 2.4.21 Forwarding table vulnerability

2003-07-28 Thread Bruce Banner
Thanks, 

--- Herbert Xu [EMAIL PROTECTED] wrote:
 Florian Weimer [EMAIL PROTECTED] wrote:
  Bruce Banner [EMAIL PROTECTED] writes:
  
  CAN-2003-0552: Jerry Kreuscher discovered that the Forwarding table
  could be spoofed by sending forged packets with bogus source
  addresses the same as the local host.
  
  Ah, this one.  I don't even know if it's about IP.
  
  As usual, Red Hat's advisory is a joke. *sigh*
 
 If you don't use bridging then it doesn't affect you.



Re: Kernel 2.4.21 Forwarding table vulnerability

2003-07-28 Thread Bruce Banner
Beware there is also a vulnerability in the spanning
tree implementation as well so.



Peace
--- Phillip Hofmeister [EMAIL PROTECTED] wrote:
 If I do use bridging...is there a patch?
 
 What are the consequences of an unpatched system? (In more detail than
 below)
 
 On Mon, 28 Jul 2003 at 07:39:53PM +1000, Herbert Xu wrote:
  Florian Weimer [EMAIL PROTECTED] wrote:
   Bruce Banner [EMAIL PROTECTED] writes:
   
   CAN-2003-0552: Jerry Kreuscher discovered that the Forwarding table
   could be spoofed by sending forged packets with bogus source
   addresses the same as the local host.
   
   Ah, this one.  I don't even know if it's about IP.
   
   As usual, Red Hat's advisory is a joke. *sigh*
  
  If you don't use bridging then it doesn't affect you.



Re: Kernel 2.4.21 Forwarding table vulnerability

2003-07-28 Thread Florian Weimer
Herbert Xu [EMAIL PROTECTED] writes:

 CAN-2003-0552: Jerry Kreuscher discovered that the Forwarding table
 could be spoofed by sending forged packets with bogus source
 addresses the same as the local host.
 
 Ah, this one.  I don't even know if it's about IP.
 
 As usual, Red Hat's advisory is a joke. *sigh*

 If you don't use bridging then it doesn't affect you.

Do you know where a detailed advisory can be found?  Thanks.





Re: Kernel 2.4.21 Forwarding table vulnerability

2003-07-28 Thread Matthijs Mohlmann
Why download the source from RedHat? The source from debian is also
patched with needed patches.

apt-get install kernel-source

On Mon, 2003-07-28 at 19:05, Bruce Banner wrote:
 You can download Red Hat's
 kernel-source-2.4.20-19.9.i386.rpm run alien against
 it and install the dpkg'ed kernel-source.deb.  I have
 been forced to do this in the past to get patches that
 haven't been released or in the mainstream kernel from
 kernel.org yet.
 
 
 Peace
 --- Phillip Hofmeister [EMAIL PROTECTED] wrote:
  If I do use bridging...is there a patch?
  
  What are the consequences of an unpatched system? (In more detail than
  below)
  
  On Mon, 28 Jul 2003 at 07:39:53PM +1000, Herbert Xu wrote:
   Florian Weimer [EMAIL PROTECTED] wrote:
    Bruce Banner [EMAIL PROTECTED] writes:
    
    CAN-2003-0552: Jerry Kreuscher discovered that the Forwarding table
    could be spoofed by sending forged packets with bogus source
    addresses the same as the local host.
    
    Ah, this one.  I don't even know if it's about IP.
    
    As usual, Red Hat's advisory is a joke. *sigh*
   
   If you don't use bridging then it doesn't affect you.



Re: Kernel 2.4.21 Forwarding table vulnerability

2003-07-28 Thread Bruce Banner
When were they patched? And how do I know when they
are patched and when they are available?  Is there
somewhere I can find this info?  I found the Red Hat
info on Bugtraq but there was no mention of Debian
Source anywhere.



Thanks
--- Matthijs Mohlmann [EMAIL PROTECTED] wrote:
 Why download the source from RedHat? The source from debian is also
 patched with needed patches.
 
 apt-get install kernel-source
 
 On Mon, 2003-07-28 at 19:05, Bruce Banner wrote:
  You can download Red Hat's
  kernel-source-2.4.20-19.9.i386.rpm run alien against
  it and install the dpkg'ed kernel-source.deb.  I have
  been forced to do this in the past to get patches that
  haven't been released or in the mainstream kernel from
  kernel.org yet.
  
  
  Peace
  --- Phillip Hofmeister [EMAIL PROTECTED] wrote:
   If I do use bridging...is there a patch?
   
   What are the consequences of an unpatched system? (In more detail than
   below)
   
   On Mon, 28 Jul 2003 at 07:39:53PM +1000, Herbert Xu wrote:
    Florian Weimer [EMAIL PROTECTED] wrote:
     Bruce Banner [EMAIL PROTECTED] writes:
     
     CAN-2003-0552: Jerry Kreuscher discovered that the Forwarding table
     could be spoofed by sending forged packets with bogus source
     addresses the same as the local host.
     
     Ah, this one.  I don't even know if it's about IP.
     
     As usual, Red Hat's advisory is a joke. *sigh*
    
    If you don't use bridging then it doesn't affect you.



Re: Kernel 2.4.21 Forwarding table vulnerability

2003-07-28 Thread Ulrich Scholler
Hi Bruce,

On Mon Jul 28, 2003 at 11:38:51 -0700, Bruce Banner wrote:
 When were they patched? And how do I know when they
 are patched and when they are available?  Is there
 somewhere I can find this info?  I found the Red Hat
 info on Bugtraq but there was no mention of Debian
 Source anywhere.

You can go to http://packages.qa.debian.org/, search for a package of
your choice (for instance kernel-source-2.4.20) and check the Latest
News.  These contain a brief description of the changes in a package,
in the same format as in /usr/share/doc/package/changelog.Debian.gz.

regards,

uLI
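
An added example, not part of the original thread: a shell function that searches a Debian changelog (the format Ulrich points to in /usr/share/doc/package/changelog.Debian.gz) for a CAN/CVE identifier and prints the versions whose entries mention it. The function names and the sample changelog are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the thread): report which versions of a package
# mention a given CVE/CAN identifier in their Debian changelog.

# Constructed sample in Debian changelog format; the package name, versions,
# maintainer and entries are invented for illustration.
sample_changelog() {
    cat <<'EOF'
example-kernel-source (1.0-3) unstable; urgency=low

  * Constructed entry: documentation update only.

 -- Example Maintainer <maint@example.org>  Wed, 30 Jul 2003 10:00:00 +0000

example-kernel-source (1.0-2) unstable; urgency=high

  * Constructed entry: bridge forwarding table fix (CAN-2003-0552).

 -- Example Maintainer <maint@example.org>  Tue, 29 Jul 2003 10:00:00 +0000

example-kernel-source (1.0-1) unstable; urgency=low

  * Constructed entry: initial release.

 -- Example Maintainer <maint@example.org>  Mon, 28 Jul 2003 10:00:00 +0000
EOF
}

# Emit the changelog as text: "-" is stdin, *.gz is decompressed first.
read_changelog() {
    case "$1" in
        -)    cat ;;
        *.gz) gzip -dc -- "$1" ;;
        *)    cat -- "$1" ;;
    esac
}

# changelog_fixes ID FILE
# Prints "<version><TAB><upload date>" for every entry that mentions ID.
# CAN-YYYY-NNNN candidates were later renamed CVE-YYYY-NNNN, so either
# prefix in the query matches either prefix in the changelog.
# Exit status: 0 = found, 1 = not mentioned, 2 = malformed identifier.
changelog_fixes() {
    id=$1
    file=$2
    case "$id" in
        CAN-[0-9]*-[0-9]*|CVE-[0-9]*-[0-9]*) num=${id#???-} ;;
        *) echo "expected CAN-YYYY-NNNN or CVE-YYYY-NNNN, got: $id" >&2
           return 2 ;;
    esac
    # Reject anything but digits and dashes before using it in a regex.
    case "$num" in
        *[!0-9-]*) echo "malformed identifier: $id" >&2; return 2 ;;
    esac
    read_changelog "$file" | awk -v num="$num" '
        # Entry header: "package (version) distribution; urgency=level"
        /^[A-Za-z0-9][A-Za-z0-9+.-]* \(/ {
            version = $2; gsub(/[()]/, "", version); hit = 0; next
        }
        # Body line naming the identifier under either prefix; the trailing
        # group stops 0552 from also matching 05520.
        $0 ~ ("C(AN|VE)-" num "([^0-9]|$)") { hit = 1 }
        # Trailer " -- Maintainer <email>  date" closes the current entry.
        /^ -- / {
            if (hit) {
                date = $0; sub(/^.*>  */, "", date)
                print version "\t" date
                found = 1
            }
            hit = 0
        }
        END { exit (found ? 0 : 1) }
    '
}

# Demo on the constructed sample.
sample_changelog | changelog_fixes CAN-2003-0552 -
```

On an installed system, pass the package's changelog.Debian.gz path instead of `-`.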





Re: Kernel 2.4.21 Forwarding table vulnerability

2003-07-28 Thread Bruce Banner
Thanks for the info.  I don't like depending on Red
Hat for security fixes.  I want to rely on Debian for
this kind of stuff I just didn't know where to find
it.

Thanks
--- Ulrich Scholler [EMAIL PROTECTED] wrote:
 Hi Bruce,
 
 On Mon Jul 28, 2003 at 11:38:51 -0700, Bruce Banner wrote:
  When were they patched? And how do I know when they
  are patched and when they are available?  Is there
  somewhere I can find this info?  I found the Red Hat
  info on Bugtraq but there was no mention of Debian
  Source anywhere.
 
 You can go to http://packages.qa.debian.org/, search for a package of
 your choice (for instance kernel-source-2.4.20) and check the Latest
 News.  These contain a brief description of the changes in a package,
 in the same format as in /usr/share/doc/package/changelog.Debian.gz.
 
 regards,
 
 uLI
 
 






Re: Kernel 2.4.21 Forwarding table vulnerability

2003-07-28 Thread Phillip Hofmeister
If I do use bridging...is there a patch?

What are the consequences of an unpatched system? (In more detail than
below)

On Mon, 28 Jul 2003 at 07:39:53PM +1000, Herbert Xu wrote:
 Florian Weimer [EMAIL PROTECTED] wrote:
  Bruce Banner [EMAIL PROTECTED] writes:
  
  CAN-2003-0552: Jerry Kreuscher discovered that the Forwarding table
  could be spoofed by sending forged packets with bogus source
  addresses the same as the local host.
  
  Ah, this one.  I don't even know if it's about IP.
  
  As usual, Red Hat's advisory is a joke. *sigh*
 
 If you don't use bridging then it doesn't affect you.

-- 
Phillip Hofmeister

PGP/GPG Key:
http://www.zionlth.org/~plhofmei/
wget -O - http://www.zionlth.org/~plhofmei/key.txt | gpg --import
--
Excuse #20: Monitor resolution too high 



Re: Kernel 2.4.21 Forwarding table vulnerability

2003-07-28 Thread Bruce Banner
You can download Red Hat's
kernel-source-2.4.20-19.9.i386.rpm run alien against
it and install the dpkg'ed kernel-source.deb.  I have
been forced to do this in the past to get patches that
haven't been released or in the mainstream kernel from
kernel.org yet.


Peace
--- Phillip Hofmeister [EMAIL PROTECTED] wrote:
 If I do use bridging...is there a patch?
 
 What are the consequences of an unpatched system? (In more detail than
 below)
 
 On Mon, 28 Jul 2003 at 07:39:53PM +1000, Herbert Xu wrote:
  Florian Weimer [EMAIL PROTECTED] wrote:
   Bruce Banner [EMAIL PROTECTED] writes:
   
   CAN-2003-0552: Jerry Kreuscher discovered that the Forwarding table
   could be spoofed by sending forged packets with bogus source
   addresses the same as the local host.
   
   Ah, this one.  I don't even know if it's about IP.
   
   As usual, Red Hat's advisory is a joke. *sigh*
  
  If you don't use bridging then it doesn't affect you.



Re: Kernel 2.4.21 Forwarding table vulnerability

2003-07-28 Thread Marcin Owsiany
On Mon, Jul 28, 2003 at 11:38:51AM -0700, Bruce Banner wrote:
 When were they patched? And how do I know when they
 are patched and when they are available?  Is there
 somewhere I can find this info?

You could subscribe to debian-changes@lists.debian.org
See http://lists.debian.org/debian-changes/

Marcin
PS: please reply _below_ the citation and cut unneeded text.
-- 
Marcin Owsiany [EMAIL PROTECTED] http://marcin.owsiany.pl/
GnuPG: 1024D/60F41216  FE67 DA2D 0ACA FC5E 3F75  D6F6 3A0D 8AA0 60F4 1216



Kernel 2.4.21 Forwarding table vulnerability

2003-07-27 Thread Bruce Banner
What impact does the Forwarding Table Vulnerability of
late have?  Is this only a problem if you have ip
forwarding enabled and set up as a router or is this
part of the normal ip stack functions that affects the
kernel no matter what services you are running on your
server?  I can't find any info on this vulnerability
that explains the problem in any detail.  If someone
could shed some light for me I would appreciate it.


Thanks




Re: Kernel 2.4.21 Forwarding table vulnerability

2003-07-27 Thread Florian Weimer
Bruce Banner [EMAIL PROTECTED] writes:

 What impact does the Forwarding Table Vulnerability of
 late have?

Which vulnerability are you talking about?  Do you have CVE name for
it?





Re: Kernel 2.4.21 Forwarding table vulnerability

2003-07-27 Thread Bruce Banner
CAN-2003-0552: Jerry Kreuscher discovered that the Forwarding table
could be spoofed by sending forged packets with bogus source
addresses the same as the local host.

--- Florian Weimer [EMAIL PROTECTED] wrote:
 Bruce Banner [EMAIL PROTECTED] writes:
 
  What impact does the Forwarding Table Vulnerability of
  late have?
 
 Which vulnerability are you talking about?  Do you have CVE name for
 it?





Re: Kernel 2.4.21 Forwarding table vulnerability

2003-07-27 Thread Florian Weimer
Bruce Banner [EMAIL PROTECTED] writes:

 CAN-2003-0552: Jerry Kreuscher discovered that the Forwarding table
 could be spoofed by sending forged packets with bogus source
 addresses the same as the local host.

Ah, this one.  I don't even know if it's about IP.

As usual, Red Hat's advisory is a joke. *sigh*




