Subject: Re: teardrop-fix for 1.2(.1)?
To: None <current-users@NetBSD.ORG>
From: Greg A. Woods <>
List: current-users
Date: 11/27/1997 22:42:01
[ On , November 27, 1997 at 20:53:53 (GMT), Matthias Scheler wrote: ]
> Subject: Re: teardrop-fix for 1.2(.1)?
> NetBSD is not vulnerable for "teardrop", the problem is "land".
> And AFAIK there's no patch available yet.

That depends on what you mean by "vulnerable".  Until very recently
NetBSD was vulnerable to a local user (or did you have to be root???)
running an incorrectly compiled version of the "teardrop" program.
I.e. you'd panic your local host, not the target host.  I *think* I've
seen the fix to this pulled up to the 1.3 branch but I don't know about
any patches to 1.2 or 1.2.1.

							Greg A. Woods

+1 416 443-1734			VE3TCP			robohack!woods
Planix, Inc. <>; Secrets Of The Weird <>