Subject: Re: Article
To: Steven M. Bellovin <>
From: Manuel Bouyer <>
List: current-users
Date: 01/11/2003 21:47:54
On Thu, Jan 09, 2003 at 11:06:46AM -0500, Steven M. Bellovin wrote:
> In message <>, Mihai Chelaru writes:
> >Anyone read this ? 
> >,3959,809353,00.asp?kc=EWTH102099TX1K0100487
> >
> >"The Linux, NetBSD and Microsoft Windows operating systems are known to 
> >have vulnerable link layer implementations, and it is extremely likely 
> >that other operating systems are also affected." 
> >
> >Any official position regarding this ?
> >
> Speaking for myself, I think this is a non-issue.  (It's also been 
> known for years.)  It's only a vulnerability if the attacker is on the 
> same LAN; if that's the case, ARP-spoofing can yield all traffic, just 

No, it's not restricted to the LAN. If you can make the system send you
a packet smaller than ETHER_MIN_LEN, and the system has a vulnerable driver,
the packet with the leaked data will be routed to your system.

Manuel Bouyer <>
     NetBSD: 23 ans d'experience feront toujours la difference