Re: To test presence of CVE-2018-6922 ( TCP vulnerability) in NetBSD5.1

To: tech-kern%NetBSD.org@localhost
Subject: Re: To test presence of CVE-2018-6922 ( TCP vulnerability) in NetBSD5.1
From: Mouse <mouse%Rodents-Montreal.ORG@localhost>
Date: Fri, 10 Aug 2018 06:49:31 -0400 (EDT)

>> I am trying to test presence of CVE-2018-6922 [...]
> NetBSD 5 is not supported anymore, and NetBSD 6 is about to reach
> EOL.  So there is no way this is ever going to be fixed in NetBSD 5.

That's a bit of an overstatement.  Not fixed _by NetBSD_, perhaps, but
there are at least a few people still using and, to some extent,
maintaining EOLed NetBSD.  I, for example, still run and evolve 5.2,
among others.

> There was a small conversation about the issue yesterday, in case
> you're interested: [...]

But NetBSD is vulnerable if the threat model includes malicious
attacks, even if it is resistant against pathological behaviour
provoked by random fragment loss.  (For that matter, it's not clear
from the reply whether the statement applies to all NetBSD or only
recent NetBSD - though code inspection makes it appear it's true of
1.4T and 5.2 and presumably everything in between.)

/~\ The ASCII				  Mouse
\ / Ribbon Campaign
 X  Against HTML		mouse%rodents-montreal.org@localhost
/ \ Email!	     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B

References:
- To test presence of CVE-2018-6922 ( TCP vulnerability) in NetBSD5.1
  - From: Ripunjay Tripathi
- Re: To test presence of CVE-2018-6922 ( TCP vulnerability) in NetBSD5.1
  - From: Maxime Villard

Prev by Date: Re: To test presence of CVE-2018-6922 ( TCP vulnerability) in NetBSD5.1
Next by Date: Re: Too many PMC implementations
Previous by Thread: Re: To test presence of CVE-2018-6922 ( TCP vulnerability) in NetBSD5.1
Next by Thread: Re: To test presence of CVE-2018-6922 ( TCP vulnerability) in NetBSD5.1
Indexes:

Home | Main Index | Thread Index | Old Index