[12052] in bugtraq
Re: [EuroHaCk] Linux 2.2.x ISN vulnerability (fwd)
daemon@ATHENA.MIT.EDU (Alesh Mustar)
Wed Sep 29 15:49:02 1999
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-2"
Content-Transfer-Encoding: 7bit
Message-Id: <018001bf0a48$adfa7a60$ae3782c5@alesh>
Date: Wed, 29 Sep 1999 09:00:10 +0200
Reply-To: Alesh Mustar <alesh@JPDESIGN.NET>
From: Alesh Mustar <alesh@JPDESIGN.NET>
X-To: bugtraq@securityfocus.com
To: BUGTRAQ@SECURITYFOCUS.COM
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
There was a "fix" posted to the kernel mailing list
(http://kernelnotes.org/lnxlists/linux-kernel/lk_9909_04/msg00664.html
, which solves the problem. For those who do not wish to use 2.2.13preX
this can be solution.
Alesh
- ----- Original Message -----
From: Jeremy Buhler <jbuhler@SPEAKEASY.ORG>
To: <BUGTRAQ@SECURITYFOCUS.COM>
Sent: Tuesday, September 28, 1999 2:22 AM
Subject: Re: [EuroHaCk] Linux 2.2.x ISN vulnerability (fwd)
> > A weakness within the TCP stack in Linux 2.2.x kernels
> > has been discovered. The vulnerability makes it possible
> > to "blind-spoof" TCP connections.
>
> This vulnerability is fixed in kernels 2.2.13pre13 and
> later. Hopefully 2.2.13 will be released shortly and/or
> the relevant patch from pre13 will be released as an
> erratum versus 2.2.12. Alan?
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.1 for non-commercial use <http://www.pgp.com>
iQA/AwUBN/GoOix58z9XbdiGEQKKaACfa3Wo73TA43VX1TJbkN5mSE/BEKIAn1Ho
qCD5e5DxdlTNE23LXWGpgrFN
=CS3m
-----END PGP SIGNATURE-----
