[UCLA-LUG] Re: [EuroHaCk] Linux 2.2.x ISN vulnerability (fwd)
Justin Boseant
jb@entrada.cs.ucla.edu
Wed, 29 Sep 1999 13:13:48 -0700 (PDT)
this is a continuing thread on bugtraq relating to linux 2.2.x (except
2.2.13preX) and the TCP stack security. If you are worried about the
affects this may cause...read on. If you would like any of the messages
related to this please email me personally at pix@ucla.edu
-justin
---------- Forwarded message ----------
From: Alesh Mustar <alesh@JPDESIGN.NET>
To: BUGTRAQ@SECURITYFOCUS.COM
Date: Wed, 29 Sep 1999 09:00:10 +0200
Subject: Re: [EuroHaCk] Linux 2.2.x ISN vulnerability (fwd)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
There was a "fix" posted to the kernel mailing list
(http://kernelnotes.org/lnxlists/linux-kernel/lk_9909_04/msg00664.html
, which solves the problem. For those who do not wish to use 2.2.13preX
this can be solution.
Alesh
- ----- Original Message -----
From: Jeremy Buhler <jbuhler@SPEAKEASY.ORG>
To: <BUGTRAQ@SECURITYFOCUS.COM>
Sent: Tuesday, September 28, 1999 2:22 AM
Subject: Re: [EuroHaCk] Linux 2.2.x ISN vulnerability (fwd)
> > A weakness within the TCP stack in Linux 2.2.x kernels
> > has been discovered. The vulnerability makes it possible
> > to "blind-spoof" TCP connections.
>
> This vulnerability is fixed in kernels 2.2.13pre13 and
> later. Hopefully 2.2.13 will be released shortly and/or
> the relevant patch from pre13 will be released as an
> erratum versus 2.2.12. Alan?
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.1 for non-commercial use <http://www.pgp.com>
iQA/AwUBN/GoOix58z9XbdiGEQKKaACfa3Wo73TA43VX1TJbkN5mSE/BEKIAn1Ho
qCD5e5DxdlTNE23LXWGpgrFN
=CS3m
-----END PGP SIGNATURE-----