tech-kern archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: To test presence of CVE-2018-6922 ( TCP vulnerability) in NetBSD5.1
>> I am trying to test presence of CVE-2018-6922 [...]
> NetBSD 5 is not supported anymore, and NetBSD 6 is about to reach
> EOL. So there is no way this is ever going to be fixed in NetBSD 5.
That's a bit of an overstatement. Not fixed _by NetBSD_, perhaps, but
there are at least a few people still using and, to some extent,
maintaining EOLed NetBSD. I, for example, still run and evolve 5.2,
among others.
> There was a small conversation about the issue yesterday, in case
> you're interested: [...]
But NetBSD is vulnerable if the threat model includes malicious
attacks, even if it is resistant against pathological behaviour
provoked by random fragment loss. (For that matter, it's not clear
from the reply whether the statement applies to all NetBSD or only
recent NetBSD - though code inspection makes it appear it's true of
1.4T and 5.2 and presumably everything in between.)
/~\ The ASCII Mouse
\ / Ribbon Campaign
X Against HTML mouse%rodents-montreal.org@localhost
/ \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B
Home |
Main Index |
Thread Index |
Old Index