On Fri, 10 Aug 2018 at 08:01, Ripunjay Tripathi <ripunjay.tripa...@gmail.com>
> Thanks for the link.
> On Fri, Aug 10, 2018 at 3:19 PM Maxime Villard <m...@m00nbsd.net> wrote:
>> Le 10/08/2018 à 11:18, Ripunjay Tripathi a écrit :
>> > I am trying to test presence of CVE-2018-6922 [...]
>> NetBSD 5 is not supported anymore, and NetBSD 6 is about to reach EOL. So
>> there is no way this is ever going to be fixed in NetBSD 5.
>> I know that. I am interested in understanding if someone has already
> tested the presence OR could help me in my attempts to reproduce this.
> I also need to fix this therefore wanted to be sure if my understanding of
> code tcp_input() is correct.
I think you are mistaken - there is no need to fix - see yesterday's
conversation on tech-net, as maxv mentioned, and this from 14 years ago:
I know the code in question is opaque, but its effects should be obvious
when running the exploit code.
PS. CERT-CC were informed that NetBSD was not affected in advance of
publication, but haven't updated their list of vendors to include that.