Thanks for the link.
Le 10/08/2018 à 11:18, Ripunjay Tripathi a écrit :
> I am trying to test presence of CVE-2018-6922 [...]
NetBSD 5 is not supported anymore, and NetBSD 6 is about to reach EOL. So
there is no way this is ever going to be fixed in NetBSD 5.
I know that. I am interested in understanding if someone has already tested the presence OR could help me in my attempts to reproduce this.
I also need to fix this therefore wanted to be sure if my understanding of code tcp_input() is correct.
I think you are mistaken - there is no need to fix - see yesterday's conversation on tech-net, as maxv mentioned, and this from 14 years ago:
I know the code in question is opaque, but its effects should be obvious when running the exploit code.
Regards,
Alistair
PS. CERT-CC were informed that NetBSD was not affected in advance of publication, but haven't updated their list of vendors to include that.