Subject: Re: CA-98.13
To: None <Thilo.Manske@HEH.Uni-Oldenburg.DE>
From: Thorsten Frueauf <>
List: tech-net
Date: 12/29/1998 13:36:44

> No, CA-98-13 is *not* the teardrop/land attack as described in CA-97.28:

Ok, is there an exploit for this to test?

> Since most versions of both OpenBSD and FreeBSD were vulnerable to
> CA-98-13 I really doubt that NetBSD is not.

I had a look at and

which where referenced in the CERT as solution for the exploit. And I
*think* this is already in

$NetBSD: ip_input.c,v 1.76 1998/12/19 02:46:12 thorpej Exp $

which is NetBSD-current and

$NetBSD: ip_input.c,v 1998/11/15 19:18:13 cgd Exp $

which is NetBSD-1.3.3.

But then I am no expert or guru, so someone with a better clue might
care to speak.

   Name  : Thorsten Frueauf            Milano@irc cri@onaliM       //
   E-Mail: oder     \X/