tech-kern archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: To test presence of CVE-2018-6922 ( TCP vulnerability) in NetBSD5.1





On Fri, 10 Aug 2018 at 08:01, Ripunjay Tripathi <ripunjay.tripathi%gmail.com@localhost> wrote:
Thanks for the link.

On Fri, Aug 10, 2018 at 3:19 PM Maxime Villard <max%m00nbsd.net@localhost> wrote:
Le 10/08/2018 à 11:18, Ripunjay Tripathi a écrit :
> I am trying to test presence of CVE-2018-6922 [...]

NetBSD 5 is not supported anymore, and NetBSD 6 is about to reach EOL. So
there is no way this is ever going to be fixed in NetBSD 5.

I know that. I am interested in understanding if someone has already tested the presence OR could help me in my attempts to reproduce this.
I also need to fix this therefore wanted to be sure if my understanding of code tcp_input() is correct.

I think you are mistaken - there is no need to fix - see yesterday's conversation on tech-net, as maxv mentioned, and this from 14 years ago:

https://mail-index.netbsd.org/netbsd-announce/2004/03/04/0000.html

I know the code in question is opaque, but its effects should be obvious when running the exploit code.

Regards,
Alistair

PS. CERT-CC were informed that NetBSD was not affected in advance of publication, but haven't updated their list of vendors to include that.
 


Home | Main Index | Thread Index | Old Index