Subject: Re: teardrop-fix for 1.2(.1)?
To: None <current-users@NetBSD.ORG>
From: Greg A. Woods <email@example.com>
Date: 11/27/1997 22:42:01
[ On , November 27, 1997 at 20:53:53 (GMT), Matthias Scheler wrote: ]
> Subject: Re: teardrop-fix for 1.2(.1)?
> NetBSD is not vulnerable for "teardrop", the problem is "land".
> And AFAIK there's no patch available yet.
That depends on what you mean by "vulnerable". Until very recently
NetBSD was vulnerable to a local user (or did you have to be root???)
running an incorrectly compiled version of the "teardrop" program.
I.e. you'd panic your local host, not the target host. I *think* I've
seen the fix to this pulled up to the 1.3 branch but I don't know about
any patches to 1.2 or 1.2.1.
Greg A. Woods
+1 416 443-1734 VE3TCP robohack!woods
Planix, Inc. <firstname.lastname@example.org>; Secrets Of The Weird <email@example.com>