On Thu, Oct 17, 2002 at 04:08:33PM -0400, Sinner from the Prairy wrote: > Has anyone seen this today? > http://online.securityfocus.com/archive/1/295773/2002-10-14/2002-10-20/0
While I wouldn't _disregard_ the above, it does seem highly improbable -- not impossible, however -- that through a fragmented packet being mishandled you could smash the stack and then do all the fun things a userspace daemon has to do to setup a remote root shell. The thread at http://online.securityfocus.com/archive/1/295855/2002-10-14/2002-10-20/1 outlines this pretty well imo. If you're keeping current on patches, I don't think you have to worry yourself over _this particular case_. (There are number of errors in the report, or perhaps they are typos? I would think grevious errors, since at least one response has noted correctly that 2.4.20pre20 doesn't exist [only -pre11 thus far]. Furthermore, most of the security auditing that would have made such an exploit "probable" went in on the -pre2, -pre8, and -pre9 merges from Alan Cox, who has had them in -ac for a while.) -Dan -- Dan Chen [EMAIL PROTECTED] GPG key: www.unc.edu/~crimsun/pubkey.gpg.asc _______________________________________________ TriLUG mailing list http://www.trilug.org/mailman/listinfo/trilug TriLUG Organizational FAQ: http://www.trilug.org/~lovelace/faq/TriLUG-faq.html
